1,218 questions with Active Directory Federation Services tags
Failed to add ADFS4.0 to farm
I have two ADFS 3.0 servers and two ADFS proxy servers (DMZ), all located in Azure. The machines are all load balanced. Now I am trying to add a Windows 2016 server (ADFS 4.0) on a different VNET but peered with the old VNET. When I try to add the ADFS 4.0…
How to connect two on-premise domain controllers (not in the same network) to a single AzureAD
Good afternoon, everyone. Could someone tell me if it is possible to connect two domain controllers to a single Azure AD? Let me explain: I work in an IT company and we offer remote offices to our clients. Authentication in our remote offices is…
ADFS SSL renewal issue
Hello All, we got a new SSL certificate to update the ADFS WAP and ADFS server. Imported the SSL certificate into the local store and gave the service account full control. Selected "set service communication" as primary - done. ADFS management shows new service…
AD FS SAML sign on with Azure AD Enterprise APP: AADSTS20001: The sign-in response message does not contain an issued token.
Hello everyone, I'm trying to configure an IIS-based web app to accept a SAML authentication flow shaped this way: an Azure tenant on which some users are provisioned acts as IdP and is federated with AD FS for the SAML authentication…
ADFS Administrator Account
Good morning, I'm trying to update our Azure AD Connect to allow hybrid join of devices through ADFS. However, no matter what account I use, whether it is a local admin on the ADFS server, or a domain admin, enterprise admin, schema admin, etc., I…
onprem ADFS Conditional Access policies
Hello all, we are currently using ADFS 2.0. We are federated with O365 and Azure using Azure AD Connect and onprem ADFS. We are doing DUO MFA onprem via an ADFS claims rule. My question is: can we take full advantage of CA policies if we are still using…
How to access ADFS externally with web app
Hello! I really need someone to help me out now since I spent days learning and doing labs and I finally made it, but not completely. I have 3 VMs: 1 DC, an ADFS server and an ADFS proxy server with 2 NICs. Internally I can reach the ADFS login page with…
Select domain at ADFS login page
My ADFS connects to two AD domains for authentication. Can I let users select the domain they belong to instead of typing the domain name?
ADFS 3.0 error 364 (msis 7042) on ADFS + error 224 on ADFS PROXY maybe after windows update
Hi all! Dynamics on premise, exposed with ADFS 3.0 and ADFS PROXY. So I have this scenario: 1 VM x SQL (LAN), 1 VM x Dynamics (LAN), 2 VM x DNS and DC (LAN), 1 VM x ADFS (LAN), 1 VM x ADFS proxy (DMZ). After Windows update for Windows 2012 R2 on…
adfs exchange
Dears, I have two 2016 Exchange servers configured in DAG mode. External URLs are not published. Users can connect just internally. The client recently asked to publish it externally using Web App Proxy. I have seen that this needs an ADFS server to…
ADFS idpinitiatedsignon SAML assertion not signed
I am trying to extract SAMLResponse assertion via https://<adfs_domain>/adfs/ls/idpinitiatedsignon using a webview. The problem is that the SAMLResponse assertion is not signed and the signature is not included inside the assertion. As a result…
ADFS - AAD integration - No AzureAD Connect - SAML ImmutableID error
Hello everyone, I'm working on enabling login to an ADFS-federated Enterprise Web App through AAD SAML. I haven't found any good documentation on the matter (or blog post) which describes my specific use case, so I'm mostly doing trial and error. I know…
Authentication Loop use ADFS with CRM
I posted this in CRM Dynamics to no avail so I'm trying here. I have two users (one being me) who get an authentication loop when attempting to access our CRM system via our intranet. I used a SAML inspection program and I get ws-fed error …
Claims rule to get WindowsAccountName
I have configured a Claims Provider Trust in ADFS and I am getting only Email in NameID. I cannot make changes to the third-party Claims Provider Trust, so I have to get WindowsAccountName using the Email which I received in NameID from the third-party IDP and…
ADFS - WAP traffic handle
Hi! My ADFS solution idea looks like this: Internet to FW to NLB to WAP1 and WAP2 to FW to ADFS1/ADFS2/ADFS3/ADFS4 to AD. The NLB distributes the incoming traffic to the WAP servers (round-robin) and the WAP servers distribute the traffic to…
Automatic device join in single AD - multiple Azure topology
Hi all, our customer is considering implementing a topology with a single onprem AD synchronized to multiple Azure AD tenants, using a single ADFS farm. The customer needs availability of Autopilot with Hybrid AD join for devices in all Azure AD tenants.…
How to send comma separated AD attribute value as separate ADFS role claims?
Our business roles from ERP are populated into the extensionAttribute5 AD attribute. The value of this attribute may look like: "SAXTechs", "PrimaTechs", "SAXTechs,PrimaTechs". How can we send these values as separate role claims using ADFS 4…
Import SSL into ADFS for linking Azure AD to Local AD.
So I am attempting to test a huge connection of my Azure AD to my local AD, but I need an ADFS in my environment for federated logins from Azure. I am attempting to deploy one but it's asking for an SSL cert. I need support importing an SSL cert into my…