1,204 questions with Active Directory Federation Services tags
Convert my federated identity to standard
I setup my tenant with a Lab for federation and now the lab server no longer exists. I need to change my tenant back to standard. I tried to follow this article. https://gallery.technet.microsoft.com/office/Convert-MsolDomain-To-ced5a502 Thanks
ADFS 2012R2 Claims that map from LDAP to SAML2 output not always clear
I'm trying to create a claim issuance policy. One of the mappings has to be the user SID. When I use the Get-ADUser powershell cmdlet I can see the User SID property is "SID", but when I try to find that in the list of pre-defined LDAP menu…
ADFS SSL Renewal
So I am very new to AD FS and have been dropped in it. I have an SSL Cert that is going to expire in 7 days time. The production System has 2 AD server with FS on and 2 Proxy Server. I have created a test plaform that mimics the production as best I can…
Features and packages in Windows server 2019
With the help of the dism command and the /Get-Features switch I got a list of features and packages that are enabled or disabled in my installation. Is there any link that explains what these features do? (e.g. feature name: Tpm-PSH-Cmdlets). I…
ADFS and MFA in Microsoft Browsers
Hi I'm after some help or suggestions as to what could be causing some odd behaviour in ADFS. A little background first. We have 2 WAP severs sitting in front of 2 ADFS servers which cal on 2 third party MFA severs, in our case Securenvoy. I'm using…
Lock Down Relying Party based on AD Attribute, Title
Hi All, We are using the ADFS 3.0. please help me. As the title states, is it possible to lock down a relying party based on an attribute value a user has in AD? For example, Our object is to Deny if the user's Title attribute value contains the…
Can ADFS store and return user profile info upon login?
I am trying to connect my node.js application to ADFS, so that when a user logins in through ADFS it sends me the user's details (like whether he is an Admin, a regular user, or a privileged user). Can someone tell me if ADFS offers to store custom user…
Windows Application Proxy Server 2016 SSL Termination - CAN YOU TURN IT OFF??
Good Afternoon, My question is pretty simple. I'm just wondering if when using Windows Server 2016 Web Application Proxy to publish applications is there anyway to stop the WAP from doing SSL terminations (and rebuild) and just pass the traffic…
Problem adfs farm
Hello, They could help me, I have a problem in farm adfs, I have a primary and a secondary adfs and they are in a Microsoft NLB, when I restart my primary adfs the entire authentication environment falls, I validated all certificates in the adfs and…
ADFS (WAP) not recoginzing/handling as internal traffic
Have a WAP with ADFS (4.0). All traffic (internal and external) is going through the same WAP. The internal traffic is not recoginized as such. If I change the autehntication mode internally to certificate and WIA only, it still shows me the form…
Azure free account upgrade
I can,t upgrade for continued access to Azure my free Azure account
can i build and manage the adfs, not using Azure ad??
can i build and manage the adfs, not using Azure ad?? I do not want to use Azure AD just wanna On-premise adfs
ADFS Custom rule: Send Value based on OU membership
We are a community college and I want to make a custom rule in ADFS based on OU membership. This rule must send out value 'Employee' or 'Student' based on the OU the account is located in. I can't use AD groups because there isn't any group…
Can't sign-in through ADFS when ExtranetLockout is enabled
I have two AD forests with two-way trust (selective authentication): prod.com and clients.com. Schemas in both forests were updated to Windows 2019 by adprep. There are ADFS and WAP servers with Windows 2019 in prod.com. (Upgraded from Windows…
.NET Mvc app with MS Azure Authentication refresh
've integrated the Azure authentication in an MVC application via Owin libraries. HttpContext.Current.GetOwinContext().Authentication.Challenge( new AuthenticationProperties { RedirectUri = baseurl + "Login/Index", AllowRefresh = true…
Changing ADFS 3.0 service account (Server 2012 R2)
There are many post on how to change the service account by using the following script: ADFS3.xChangeSvcAcct.ps1 https://gallery.technet.microsoft.com/scriptcenter/Active-Directory-ddb67df0#content However, what I do not think is clear is how to…
New to ADFS (setup/diagram)
I am new to ADFS and I want to use one but don't know what the architecture would look like. For Internal use. Am I right to use this diagram? What ports are needed to communicate between the ADFS and DC? Do I need to use ADFS proxy for…
ADFS for two forest with two way bi-directional trust
Hello Experts, I have a scenario, in which we have two seperate forests A and forest B. There is a two way bi-directional trust between them. I have ADFS in forest A and there are many relying party applications ( SAML based ) in forest A. I want…
ADFS 2016 - Bypass Login Page using Local Claims Provider
Hello, I am on ADFS 2016 and I would like to bypass ADFS login page and use RESTful API to authenticate users stored in an LDAP Directory (Declared as Local Claims Provider). SAML 2.0 : apparently not possible to use REST API. =>Can you…
Deny Administrators Login to the ADFS page
Is it possible to deny Administrators Login ADFS because I do not want anyone outside the network to guess the Administrators' password of my domain instead of Access Control Policy? (Because I found that only denies the users cannot sign on to another…