1,226 questions with Active Directory Federation Services tags
ADFS authentication
Hi, Our users are having what seems like an ADFS authentication error code: Reference number: d270fca6-e14e-4af0-80eb-efb29c74e535" When I explored further it seems it has to do with authentication certificate as I received this message…
ADFS RP to Azure AD RP Migration
Hello, We are in the process of moving our Relay Parties trusts from on prem ADFS to Azure AD. I have a party trust setup with WebEx and it inlcudes some custom claim rules. Can someone help me in the proper formatting of these claims in Azure AD SSO? …
Private Personal Identifier with 2 nodes ADFS : how generate same PPID from both servers ?
I try to generate a PPID claim on ADFS windows 2019 with the rule (from https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/when-to-use-a-custom-claim-rule) : c:[Type ==…
ADFS via Internet
Dear Technet, hope you can help me moving forward. I have a WebApp Proxy with ADFS (V4) in place. Is it possible to use SSO via Internet: take my laptop (AD member) outside of the network, connect it via mobile phone to the Internet and access then a…
ADFS - Append String to End of Attribute Passed
Good morning, I'm dealing with a challenge with the value passed by ADFS to an application in a particular attribute. Here is what he have for the value passed in the Claim Rule: c:[Type ==…
Bypass MFA for Apple DEP+Intune enrollment at on-prem ADFS 2016
Hello there, Looking for an advise on how to best overcome the following limitation. We're trying to enroll Mac devices with DEP enrollment and Intune. When binding the Mac to a user during install, it tries to log on and verify membership and…
If i set an EnrollmentAgentCertificateTemplate
Hi All, If i set an EnrollmentAgentCertificateTemplate does this effect all my Relying party trust? I like todo this: windows-virtual-desktop-sso
Adding second ADFS
Hello, guys. I have one on-prem vm, with adfs role installed. On this vm i have already configured azure ad connect, with public ssl installed. ADFS use mssql db. Sync and authorization in office 365 on this adfs server works fine. I want to add…
Failed to add ADFS4.0 to farm
I have two ADFS 3.0 servers and two ADFSproxy servers(DMZ). All located in Azure. The machines all or load balanced. Now i try to add a windows 2016 server (ADFS 4.0) on a different VNET but peer with the old VNET. When i try to add the ADFS 4.0…
How to connect two on-premise domain controllers (not in the same network) to a single AzureAD
Good afternoon, everyone, Someone could tell me if it is possible to connect two domain controllers to a single Azure AD. Let me explain: I work in a IT company and we offer remote offices to our clients. Authentication in our remote offices is…
ADFS SSL renewal issue
Hello All, we got new SSL certificate to udpate ADFS WAP and ADFS server imported the SSL certificate local store and provided the service accout full control select set service communication as primary -done ADFS management shows new service…
AD FS SAML sign on with Azure AD Enterprise APP: AADSTS20001: The sign-in response message does not contain an issued token.
Hello everyone, I'm configuring trying to configure an IIS based Web App to accept a SAML authentication flow shaped this way: An Azure tenant on which some users are provisioned acts as IdP and is federated with AD FS for the SAML authentication…
ADFS Administrator Account
Good morning, I'm trying to update our Azure AD Connect to allow hybrid join of devices through ADFS. However, no matter what account I use, whether it is a local admin on the adfs server, or a domain admin, enterprise admin, schema admin, etc I…
onprem ADFS Conditional Access policies
Hello all We are currently using ADFS 2.0. We are federated with O365 and Azure using Azure AD Connect and onprem ADFS. We are doing DUO MFA onprem via ADFS claims rule. My question is can we take full advantage of CA policies if we are still using…
How to access ADFS externally with web app
Hello! I really need someone to help me out now since i spent days learning and doing labs and i finally made it but not completely. I have 3 VMs, 1 DC, ADFS server and ADFS proxy server with 2 NICs. Internally i can reach the ADFS login page with…
Select domain at ADFS login page
My ADFS connect to two AD Domain for authentication, can I let users select the domain they belong instead of typing the domain name?
ADFS 3.0 error 364 (msis 7042) on ADFS + error 224 on ADFS PROXY maybe after windows update
Hi all! Dynamics on premise, exposed with ADFS 3.0 and ADFS PROXY So i have this scenario: 1 vm x sql (lan) 1 vm x dynamics (lan) 2 vm x dns and dc (lan) 1 vm x adfs (lan) 1 vm x adfs proxy (Dmz) After windows update for windows 2012 r2 on…
adfs exchange
dears, i have 2 2016 exchange servers configured in dag mode. external urls are not published. users can connect just internally. the client recently asked to publish it externally using web app proxy. i have seen that this needs an adfs server to…
ADFS idpinitiatedsignon SAML assertion not signed
I am trying to extract SAMLResponse assertion via https://<adfs_domain>/adfs/ls/idpinitiatedsignon using a webview. The problem is that the SAMLResponse assertion is not signed and the signature is not included inside the assertion. As a result…
ADFS - AAD integration - No AzureAD Connect - SAML ImmutableID error
Hello everyone, I'm working on enabling login to an adfs-federated Enterprise Web App through AAD SAML. I haven't found any good documentation on the matter (or blogpost) which describes my specific usecase so I'm mostly doing trial and error. I know…