1,219 questions with Active Directory Federation Services tags
antivirus and WAP
hi! Are there any concerns for installing antivirus on a couple of load balanced wap servers that are the front ends to the adfs 3? Thanks!
![](https://techprofile.blob.core.windows.net/images/ba2c189a9c5840fea5ce0e0e09eb72f2.png)
ADFS Dedicated Server
Can ADFS server be installed on a machine with other server roles installed or non-MS application services? Or is should be dedicated to ADFS only? I'm trying to look for article or documentation that will support this scenario but could not find any.…
ADFS windows 2016 -An error occurred during an attempt to read the federation metadata while configuring Zoom as Relying party trust
I am trying to select the first option to add zoom as relying party trust but getting attached error. i am using ADFS windows 2016. Relying party trust is Zoom. Can any one assist?
![](https://techprofile.blob.core.windows.net/images/8d3870ddab9a429594c7132766a66e5d.png)
2 ADFS Farms 1 SQL Server
I'm currently planning on rebuilding my ADFS farm from scratch and point it to a new domain (sts.example2.com) My current ADFS Farm (sts.example1.com) uses SQL server for the configuration and artifact databases. The configuration database will not…
ADFS successful login doesn't show in the event viewer
I enabled the ADFS log according the doc https://video2.skills-academy.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-logging. I can see the failed login but the successful login doesn't show in the event viewer. Any idea why this…
ADFS 3.0 move database to 2016 SQL clister
Hello all We are running ADFS 3.0 farm on windows 201R2. We currently have 4 nodes in the farm. Currently the ADFS database is pointing to an old 2008 sql cluster and we need to move the artifactdbconnection to a 2016 sql always on availability…
AAD Sign-Ins, but no Local AD sign-ins
We are configured with Azure AD Sync and ADFS for authentication. When a user signs in, they're directed to ADFS for authentication, and then back to the O354/Azure application. This records a Sign-In in the Azure Sign-Ins log, and it updates the…
Seamless Single sign on on MAC/Safari using Azure AD/ADFS
Hi Team, Is there a way to achieve seamless SSO on MAC os safari browser, we have below WIASupportedUserAgents added as ADFS properties. MSAuthHost/1.0/In-Domain MSIE 6.0 MSIE 7.0 MSIE 8.0 MSIE 9.0 MSIE 10.0 Trident/7.0 MSIPC Windows…
![](https://techprofile.blob.core.windows.net/images/kEaBzx2NUUuiIiWIzwa6Qw.png?8D9F54)
ADFS Authentication with Multiple Forests for Remote Desktop Services
Hello, How can I do ADFS Authentication with Multiple Forests for Remote Desktop Services? I have an on-premises Remote Desktop environment and now we are merged with other company and they want to access our Remote Desktop Environment with their AD…
![](https://techprofile.blob.core.windows.net/images/8d3870ddab9a429594c7132766a66e5d.png)
How to clear login_hint (user_hint)?
We have an application that performs HRD based on the users e-mail address that they enter. Then (in some cases) it either redirects the user to ADFS WAP for authentication or another IdP. The redirect includes the e-mail address entered by the user…
ADFS - possibility to determine to which application user has logged in
Hello, In our environment we use ADFS for authentication to various applications and we would like to have report about how many users logged in through ADFS to specific application. On basic logging level I was able to find only events 4624 and 4648…
![](https://techprofile.blob.core.windows.net/images/8d3870ddab9a429594c7132766a66e5d.png)
Active Directory Federation Service - Office365
Hi For O365 relying party trust: the Encryption Certificate is blank? is it normal? can we setup certificat? if yes How? For Token Decrypting and Token signing Certificates are by default self-signed. (not issued by a CA). May be issued by a CA?…
Persistent SSO with OnPrem ADFS for smartphones
We have an OnPrem ADFS setup for a web application. The web application is targeting windows 10 clients (kerberos) and smartphones (forms authentication). Smartphones could connect from the internal network or the internet. The Problem is that the…
ADFS authentication
Hi, Our users are having what seems like an ADFS authentication error code: Reference number: d270fca6-e14e-4af0-80eb-efb29c74e535" When I explored further it seems it has to do with authentication certificate as I received this message…
ADFS RP to Azure AD RP Migration
Hello, We are in the process of moving our Relay Parties trusts from on prem ADFS to Azure AD. I have a party trust setup with WebEx and it inlcudes some custom claim rules. Can someone help me in the proper formatting of these claims in Azure AD SSO? …
Private Personal Identifier with 2 nodes ADFS : how generate same PPID from both servers ?
I try to generate a PPID claim on ADFS windows 2019 with the rule (from https://video2.skills-academy.com/en-us/windows-server/identity/ad-fs/technical-reference/when-to-use-a-custom-claim-rule) : c:[Type ==…
ADFS via Internet
Dear Technet, hope you can help me moving forward. I have a WebApp Proxy with ADFS (V4) in place. Is it possible to use SSO via Internet: take my laptop (AD member) outside of the network, connect it via mobile phone to the Internet and access then a…
![](https://techprofile.blob.core.windows.net/images/8d3870ddab9a429594c7132766a66e5d.png)
ADFS - Append String to End of Attribute Passed
Good morning, I'm dealing with a challenge with the value passed by ADFS to an application in a particular attribute. Here is what he have for the value passed in the Claim Rule: c:[Type ==…
Bypass MFA for Apple DEP+Intune enrollment at on-prem ADFS 2016
Hello there, Looking for an advise on how to best overcome the following limitation. We're trying to enroll Mac devices with DEP enrollment and Intune. When binding the Mac to a user during install, it tries to log on and verify membership and…
If i set an EnrollmentAgentCertificateTemplate
Hi All, If i set an EnrollmentAgentCertificateTemplate does this effect all my Relying party trust? I like todo this: windows-virtual-desktop-sso