1,219 questions with Active Directory Federation Services tags
ADFS External access - new and trying to find some guides/guidance
For the most part I have ADFS working when accessed internally. However the main purpose for us implementing ADFS was for external access. We want to have ADFS be the primary authentication method for employees who have no VPN, or access to the domain…
Web Application Proxy with IIS client certificate authentication behind
Dear all, I have running a WAP (Server 2019) and an IIS (10.0). On IIS, a website is running, https://te.contoso.com/. A subfolder (te.contoso.com/subfolder) is protected by one-to-one client certificate authentication. This is working fine, as…
Certificate trust validation failed
After running the Microsoft Remote Connectivity Analyzer, we received a connectivity test fail while testing the certificate: Testing the SSL certificate to make sure it's valid. The SSL certificate failed one or more certificate validation…
Federating and synchronising verified domain with existing AAD user accounts
We currently have two verified domains in our tenant. One is the primary UPN suffix in our onsite Active Directory and is already synchronised with AAD Connect and federated with ADFS. Now we want to do the same with the second domain - synchronise and…
Azure AD sync with multiple on-premp from differnet location
I have an on-prem AD called local.aa.com & an Azure O365 users aa.com, not synced. we are merging with different organizations, ab.com, ac.com, ad.com, they all have on-prem AD and O365 users. We need to federate or create a trust so all the AD…
Pass windows credentials through ADFS for external site without being prompted??
im running into an issue with passing logged in user credentials through internal ADFS to external website without being prompted for credentials. I added the site into the trusted sites, set the "automatic logon with current username and…
Migrate Relay Party to ADSF 2012 to 2019
HI Guys, I have almost 350+ RP configured in adfs 2012. I'm migrating all Relay Party from ADFS 2012 to 2019. Configuring this manually on 2019 its taking long time. old and new are different farm. can anyone help me with adfs have any migrate…
I keep getting errors while customizing ADFS
I'm trying to customize an ADFS (Windows Server 2019) server that won't take any of the command I give it. I'm using the exact same commands I've used to customize these pages with the same files even from the same locations but now it won't take them,…
ADFS Error upon logout (SAML)
Is there any difference between what ADFS and Azure support with respect to logout requests (is there a configuration on the ADFS side that needs to be set, does the SAML request need to include/exclude/get signed/etc. when sending to ADFS vs. Azure)?
ADFS - initiate a connexion without using IdInitiatedSignon.html
Hello, I'd set up a relying party with an external webapp and I'd like to know if it's possible to connect the webapp (which I send the claims to) without using the https://adfs.internal.com/adfs/ls/idpinitiatedsignon.html which allows me to select…
List of ADFS proxies
Is there a way to get a list of proxies added to the ADFS server? For instance a PowerShell cmdlet like Get-AdfsProxyList? Use case - admin who set these up no longer works here.
ADFS woes with .local domain and getting around it on 2016 servers.
Ive inherited a domain set up as abc.local Within the domain are many, many services and applications. The exchange is onsite and very few but growing cloud presence. Changing the domain from abc.local to an outside domain such as abc.com isnt…
Relying Party SAML logout request not logging out user from their portal
We have an ADFS 4 server and a proxy server, and about 10 relying parties set up for various software vendors. After importing a new relying party metadata file into ADFS, the relying party properties in ADFS show empty Signature and Encryption…
Cannot connect ADFS 2019 to Azure AD Domain Controller
I have setup a new Azure AD Domain Services and an Azure VM running ADFS. I now want to connect ADFS to the Azure AD Domain Services. I run the Active Directory Federation Services Configuration Wizard and the first step is to specify an account with…
ADFS - Identity for Mobile Apps
HI Guys, I have requirement is to use Application from Browser and Mobile App as well. ADFS infra running 2016 & 2019. If i create Relay Party it is working only in Browser. How i can make identity with Both? How to create the identity for…
ADFS Claim to convert values to lower case
Hi! We are currently using this claim rule but we need to change the attribute mail to lower case c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] =>…
Web application proxy for an internal web application with pre-authentication
Hi, maybe someone has a clue for me on this issue. So I have a WAP set up with ADFS and it works fine for exposing an ADFS server to the internet. Now I got the quest to replace the TMG server which could do pre-authentication, and a for me obvious…
Set ACL of multiple group in AD via POWERSHELL
Hi everyone sorry but i'm not very good with Powershell and I need to set the ACL permission for 500 security groups in AD, in particular I should give the rights of; WRITE, READ and DELETE to user TEST1 in all groups that i have exported in TXT file,…
WHFB Hello change farm
Hello, I have an ADLDS farm on Win2016 adfs.domain.com, I installed a new one on Win2019 fs.domain.com. I would like now to make sure my new farm act as the registration authority when configuring MS Hello internally in the enterprise. But I have no…
ADFS certficate export
Hello team we need to export ADFS token signing and token decrypting certificate with private key but when we do it export /copy do not get option to export keys Please advise