Questions tagged [adfs]

Active Directory Federation Services (ADFS) is a standards-based web Single Sign-On federated identity service that implements claims-based authentication across forests.

Active Directory Federation Services (ADFS for short) is a standards-based Web Single Sign-On federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0) and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about their identity contained in a trusted token. Such a token is issued and signed by an entity that is able to authenticate the user by other means and that is trusted by the entity performing the claims-based authentication; the relying party verifies the signature rather than re-authenticating the user. Claims are essentially attributes derived from Active Directory, an LDAP directory or a SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including their identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
70
votes
3 answers

What's the difference between ADFS, WIF, WS Federation, SAML, and STS?

There are numerous technologies and buzzwords used for single sign-on with Microsoft services. Can someone explain ADFS, WIF, WS Federation, SAML, and STS (Security Token Service), including where and when each is used?
Tiffany Harry
  • 777
  • 1
  • 8
  • 10
69
votes
3 answers

SAML/ADFS node.js implementation guide?

I'd like to preface this by saying that until now, I hadn't even HEARD of SAML, much less developed a SSO strategy involving it. That, combined with the fact that I've barely been doing node for a year makes for a glorious newbie sandwich. …
SpacePope
  • 1,423
  • 1
  • 15
  • 21
59
votes
1 answer

AD vs ADFS vs LDAP: Explain it like I'm 5

I don't work with Microsoft but I'm struggling to understand conceptually how AD, ADFS and LDAP work together. Let's say I have an application that needs an Identity Provider. How do AD and LDAP come into play? My googling hasn't come up with a…
brezotom
  • 715
  • 1
  • 8
  • 12
36
votes
1 answer

OWIN Authentication Pipeline To Use Katana Middleware Correctly?

I'm looking to use WsFederation Authentication against an internal ADFS 2 service and to use the OWIN authentication pipeline. What is considered to be the order in which middleware should be hooked up and which modules are required in various…
Tom Tregenna
  • 1,281
  • 1
  • 13
  • 23
27
votes
5 answers

AADSTS700016: Application with identifier 'some_id' was not found in the directory 'some_another_id'

I need a federated authentication with custom policy (when user authenticated I need him to appear marked as Federated in b2c users, not Others or something else what I could achieve with single tenant), I had it before with default policy setup in…
basilio
  • 271
  • 1
  • 3
  • 4
26
votes
1 answer

Using WIF, what is the difference between audienceUris and realm?

We have an ASP.NET application using WIF. Our web.config file has a section like this:
Bryan
  • 2,775
  • 3
  • 28
  • 40
23
votes
6 answers

Cognito logout does not work as documented

I have a Cognito user pool configured with a SAML identity provider (ADFS) and I'm able to sign in as a federated user (AD) but sign out does not work. Following the documentation, I make a GET request to…
sharpthor
  • 475
  • 1
  • 7
  • 13
22
votes
2 answers

ADAM, Active Directory, LDAP, ADFS, Identity

What is the difference/relation between ADAM, Active Directory, LDAP, ADFS, Windows Identity, cardspace and which server (Windows 2003, Windows 2008) uses what?
kayak
  • 1,805
  • 5
  • 18
  • 22
20
votes
2 answers

ADFS v2.0: Finding errors referenced by the reference number

I get a number of browser error messages using ADFS, all of the form: There was a problem accessing the site. Try to browse to the site again. If the problem persists, contact the administrator of this site and provide the reference number…
rbrayb
  • 46,440
  • 34
  • 114
  • 174
20
votes
2 answers

How to query an on-premises Dynamics CRM from a Web App (Node/Express)

Been banging my head against a few walls with this so hoping some CRM/Dynamics experts can give me a hand! I'm trying to programmatically obtain data out of our Dynamics CRM instance, using a single set of admin credentials within a Node powered…
19
votes
2 answers

Azure/web-farm ready SecurityTokenCache

Our site uses ADFS for auth. To reduce the cookie payload on every request we're turning IsSessionMode on (see Your fedauth cookies on a diet). The last thing we need to do to get this working in our load balanced environment is to implement a farm…
Jeremy Danyow
  • 26,470
  • 12
  • 87
  • 133
18
votes
2 answers

How do I simulate an ADFS IdP to facilitate the testing of my SP code

I need to provide a SAML 2.0 based Single Sign On (SSO) feature for my node.js service. This will consume SAML assertions generated by an Identity Provider (IdP) running Active Directory Federation Services (ADFS). Ideally I would like to set up a…
biofractal
  • 18,963
  • 12
  • 70
  • 116
16
votes
3 answers

Use OWIN Ws-Federation package to authenticate against ADFS 3.0

I have an MVC intranet site that needs to use AD accounts for authentication. I set up ADFS 3.0 (Win Server 2012 R2) and followed this to set up the ADFS Relying Party Trust. This other post introduces the Ws-Federation OWIN components and I'd like…
oscarmorasu
  • 901
  • 3
  • 11
  • 28
16
votes
1 answer

Can I provide the username to use in a SAML request? (AD FS)

When initiating a SAML authentication request (from the Service Provider), is there any way to give the Identity Provider a hint as to which username to use? In my application I know which user it wants to authenticate (based on a unique link the…
joelsand
  • 2,245
  • 2
  • 21
  • 31
15
votes
1 answer

Authorize WebApp to ADFS in order to access Dynamics CRM Web API

I have a web application that needs to speak with Dynamics CRM 365 Web API. The Dynamics CRM is configured as a Relying Party on ADFS. The server is Windows Server 2016 and everything is on premise and not on Azure. What I did to acquire a valid…
Ricky Stam
  • 2,116
  • 21
  • 25