1,226 questions with Active Directory Federation Services tags
ADFS 2016 - Bypass Login Page using Local Claims Provider
Hello, I am on ADFS 2016 and I would like to bypass ADFS login page and use RESTful API to authenticate users stored in an LDAP Directory (Declared as Local Claims Provider). SAML 2.0 : apparently not possible to use REST API. =>Can you…
Deny Administrators Login to the ADFS page
Is it possible to deny Administrators Login ADFS because I do not want anyone outside the network to guess the Administrators' password of my domain instead of Access Control Policy? (Because I found that only denies the users cannot sign on to another…
Can I customize other webpages in ADFS?
I know that I can customize the ADFS login page and I have done my customization. Still, I want to ask whether I can customize other webpages, especially the page shown when the user logs in successfully (like the picture that I attach). Thanks for your help!
Password reset does not stop access if valid MFA token
Using MFA Server with ADFS Adapter. If an MFA-enabled user changes their password, email is still accessible on phone without having to change password, assuming until token expires. I have read with Azure AD the refresh token would require the device…
ADFS 4.0 on 2019, Device Registration Service - deleted Relying Party Trust
I am really struggling with this one. I installed ADFS 4 on 2019 (yes, 2019 forest and domain levels), topology is one back-end federation server for the farm, one database server (SQL, not WID). Haven't even setup the WAP yet...was playing with Device…
Migrating server to another network
Hi, I need to change the IP of the server that has the function of ADFS only. Are there any problems? Thank you.
Looking for the best solution to integrate Azure AD with on-prem and other subsidiaries to share Teams, calendar, SharePoint Online.
We have our AD domain in Azure, for example as abc.com, with on-prem as abc.local, and we want to connect for single sign-on. Also looking for a solution to connect other subsidiaries, for example def.com, xyz.com etc., to share Teams, calendar, SharePoint with…
ADFS External access - new and trying to find some guides/guidance
For the most part I have ADFS working when accessed internally. However the main purpose for us implementing ADFS was for external access. We want to have ADFS be the primary authentication method for employees who have no VPN, or access to the domain…
Web Application Proxy with IIS client certificate authentication behind
Dear all, I have running a WAP (Server 2019) and an IIS (10.0). On IIS, a website is running, https://te.contoso.com/. A subfolder (te.contoso.com/subfolder) is protected by one-to-one client certificate authentication. This is working fine, as…
Certificate trust validation failed
After running the Microsoft Remote Connectivity Analyzer, we received a connectivity test fail while testing the certificate: Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation…
Federating and synchronising verified domain with existing AAD user accounts
We currently have two verified domains in our tenant. One is the primary UPN suffix in our onsite Active Directory and is already synchronised with AAD Connect and federated with ADFS. Now we want to do the same with the second domain - synchronise and…
Azure AD sync with multiple on-prem from different locations
I have an on-prem AD called local.aa.com and Azure O365 users on aa.com, not synced. We are merging with different organizations, ab.com, ac.com, ad.com; they all have on-prem AD and O365 users. We need to federate or create a trust so all the AD…
Pass windows credentials through ADFS for external site without being prompted??
I'm running into an issue with passing logged-in user credentials through internal ADFS to an external website without being prompted for credentials. I added the site into the trusted sites, set the "automatic logon with current username and…
Migrate Relay Party from ADFS 2012 to 2019
Hi guys, I have almost 350+ RPs configured in ADFS 2012. I'm migrating all Relay Party from ADFS 2012 to 2019. Configuring this manually on 2019 is taking a long time. Old and new are different farms. Can anyone help me with ADFS have any migrate…
I keep getting errors while customizing ADFS
I'm trying to customize an ADFS (Windows Server 2019) server that won't take any of the commands I give it. I'm using the exact same commands I've used to customize these pages with the same files even from the same locations but now it won't take them,…
ADFS Error upon logout (SAML)
Is there any difference between what ADFS and Azure support with respect to logout requests (is there a configuration on the ADFS side that needs to be set, does the SAML request need to include/exclude/get signed/etc. when sending to ADFS vs. Azure)?
ADFS - initiate a connexion without using IdInitiatedSignon.html
Hello, I'd set up a relying party with an external webapp and I'd like to know if it's possible to connect the webapp (which I send the claims to) without using the https://adfs.internal.com/adfs/ls/idpinitiatedsignon.html which allows me to select…
List of ADFS proxies
Is there a way to get a list of proxies added to the ADFS server? For instance a PowerShell cmdlet like Get-AdfsProxyList? Use case - admin who set these up no longer works here.
ADFS woes with .local domain and getting around it on 2016 servers.
I've inherited a domain set up as abc.local. Within the domain are many, many services and applications. The Exchange is onsite and there is a very small but growing cloud presence. Changing the domain from abc.local to an outside domain such as abc.com isn't…
Relying Party SAML logout request not logging out user from their portal
We have an ADFS 4 server and a proxy server, and about 10 relying parties set up for various software vendors. After importing a new relying party metadata file into ADFS, the relying party properties in ADFS show empty Signature and Encryption…