Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Get this Tag RSS feed
Translate this page
Powered by
Microsoft® Translator
Popular Tags
Active Directory
AD
AD DS
AD FS
adfs
ASP.NET
azure
BizTalk
BizTalk Server
BizTalk Server 2010
C#
Candidate for deletion
certification
cloud
core docs
de-DE
EAA
Ed Price
Ed's Stub Pages
en-US
ESA
es-ES
Excel
Exchange
Exchange 2010
Exchange Server 2010
fa-IR
Fernando Lugao Veltem
FIM
FIM 2010
forefront
forums
fr-FR
Gokan Ozcifci
has code
has comment
has comments
has image
has Images
has Other Languages
has See Also
Has Table
Has TOC
Horizon_Net
How To
Hyper-V
id-ID
IIS
Italian Wiki Articles
it-IT
ja-JP
Jordano Mazzoni
Link Collection
Luciano Lima
Luigi Bruno
Lync Server 2010
MCTS
MIISILMFIM MACAULAY
Multi Language Wiki Articles
needs work
operations manager
Portal
Português Brasil
PowerShell
Private Cloud
pt-BR
security
SharePoint
SharePoint 2010
SharePoint 2013
Small Basic
solucionando problemas
spam
SQL Server
SQL Server 2012
stub
System Center
System Center 2012
TechNet Wiki Featured Article
tonyso
Translated into Japanese
troubleshooting
tr-TR
UAG
vídeo
Video
Virtualization
VMM
Wiki
Windows
Windows 7
Windows 8
Windows Azure
Windows Server
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
yottun8
اکتیو دایرکتوری
Browse by Tags
>
TechNet Articles
>
All Tags
>
AD FS 2.0
Tagged Content List
Wiki Page:
AD FS 2.0: Selectively send group membership(s) as a claim
JaredPoeppelman
You can send group membership as claims by using the built in templates Create a new rule, choose “Send LDAP Attributes as Claims” Choose Active Directory as the Attribute Store, and choose the LDAP Attribute “Token-Groups – Unqualified Names” and the claim type as “Group” This will send...
on
22 May 2013
Wiki Page:
ADFS 2.0 High Availability and High Resiliency Walkthrough
Carsten Siemens
ADFS 2.0 can be designed with high availability and resiliency to provide authentication service for the applications. Inspired by the MSIT technical case study: Enhancing Federation Services for Internal and External Partners ( http://technet.microsoft.com/en-us/library/ff803566.aspx ). This article...
on
15 May 2013
Wiki Page:
AD FS 2.0: How to Set the Primary Federation Server in a WID Farm
Carsten Siemens
Summary When you deploy an Active Directory Federation Services ( AD FS) 2.0 Federation Server farm, you have the option of choosing Windows Internal Database (WID) or SQL to store the configuration information. When you select WID, which is the default in the Initial Configuration Wizard GUI...
on
15 May 2013
Wiki Page:
Active Directory Federation Services (AD FS) Overview
Carsten Siemens
Active Directory Federation Services (AD FS) makes it possible for local users and federated users to use claims-based single sign-on (SSO) to Web sites and services. You can use AD FS to enable your organization to collaborate securely across Active Directory domains with other external organizations...
on
15 May 2013
Wiki Page:
AD FS 2.0: Migrate Your AD FS Configuration Database to SQL Server
Jorge de Almeida Pinto [MVP-DS]
The AD FS configuration database stores all the configuration data that represents a single instance of AD FS 2.0 (also known as the Federation Service). You can store this configuration data in either a Microsoft SQL Server® database or using the Windows Internal Database. The Windows Internal Database...
on
15 May 2013
Wiki Page:
AD FS 2.0: How to Replace the SSL, Service Communications, Token-Signing, and Token-Decrypting Certificates
Carsten Siemens
Table of Contents Replacing the SSL and Service Communications certificate Replacing the Token-Signing certificate Replacing the Token-Decrypting certificate More Information Were you looking for AD FS 1.x information regarding certificate replacement? Have you recently enabled AutoCertificateRollover...
on
15 May 2013
Wiki Page:
SharePoint 2010: How to Install and Configure ADFS 2.0 for SharePoint 2010 on Windows Server 2008 R2
Richard Mueller
Table of Contents 1 Overview 2 System requirements 3 Additional information 4 Download Center 5 Install ADFS 2.0 on Windows Server 2008R2 ( DC side ) 6 Configure ADFS 2.0 for SharePoint 2010 7 Configure SharePoint 2010 for AD FS 2.0 ( Application Server Side ) 8 Some tests 9 Install ADFS on Windows Server...
on
14 May 2013
Wiki Page:
Forefront UAG Troubleshooting: Event ID 152: User Could Not Be Signed Out
Richard Mueller
Symptoms — End users click the Log Off button in the Forefront UAG portal and are logged out of the portal, but an event 152 appears in the event viewer or in the Web Monitor with the description " WS-FAM: User with lead user claim value [user_name] could not be signed out. Session ID [session_ID...
on
14 May 2013
Wiki Page:
SharePoint 2010: How to Install and Configure ADFS for SharePoint 2010 on Windows Server 8
Carsten Siemens
Active Directory Federation Services (AD FS) 2.0 helps simplify access to applications and other systems with an open and interoperable claims-based model. The AD FS 2.0 platform provides a fully redesigned Windows-based Federation Service that supports the WS-Trust, WS-Federation, and Security Assertion...
on
27 Apr 2013
Wiki Page:
AD FS 2.0: "ID4037: The key needed to verify the signature could not be resolved from the following security key identifier"
Fernando Lugão Veltem
Symptoms During a federation passive sign-in request using SAML 2.0 protocol , the request fails and the user lands on the AD FS 2.0 error page The Verbose AD FS 2.0/Admin log shows Error event 303 : Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 9/17/2010 10:54:19 AM Event...
on
25 Apr 2013
Wiki Page:
AD FS 2.0 Content Map
David Worthington
Subscribe to RSS Feed Share on Facebook Send link to a friend This Active Directory Federation Services (AD FS 2.0) wiki page is intended to act as a content map for all members of the AD FS community . Members of the AD FS product team will occasionally monitor this article...
on
9 Apr 2013
Wiki Page:
AD FS 2.0: How to Utilize a Single Relying Party Trust for Multiple Web Applications that Share the Same Identifier
Richard Mueller
A common request we receive from customers is: "I have multiple environments for the same web application. For example, development (DEV), staging (STAGE), and production (PROD). I want to create one Relying Party (RP) Trust in AD FS 2.0 which utilizes a single set of issuance claim rules,...
on
5 Apr 2013
Wiki Page:
Understanding Claim Rule Language in AD FS 2.0
Richard Mueller
Table of Contents Introduction Understanding Claim Sets General Syntax of the Claim Rule Language Condition Statements Issuance Statements Multiple Conditions Combining Values Aggregate Functions Using Regular Expressions Querying Attribute Stores SQL Attribute Stores LDAP Attribute Stores Links to Additional...
on
4 Apr 2013
Wiki Page:
AD FS 2.0: Guidance for Selecting and Utilizing a Federation Service Name
Matth CH
Prior to deploying AD FS 2.0, it is essential that a Federation Service Name is selected, and there are some important items to consider before selecting the Federation Service Name. Items for Consideration 1. The Federation Service Name must never equal any machine name in the Active...
on
3 Apr 2013
Wiki Page:
AD FS 2.x: When a User is Not Authorized Access to a Relying Party, Redirect the User to a Specific Location
Adam Conkle - MSFT
Overview Consider the following scenario: You have deployed AD FS 2.x, and you wish to provide granular access to specific relying parties by utilizing Issuance Authorization Rules on each Relying Party Trust As an example, you have Contoso SharePoint as a relying party, and you wish to only...
on
27 Mar 2013
Wiki Page:
AD FS 2.0: Dynamic Claim Types
Joji Oshima
Dynamic Claim Types There is data stored about a user in a SQL database ( or other attribute store ). The data stored about the user in the database needs to be a part of the claim type and not the value of the claim. For example, properties “ Redmond ” and “ Building3 ” stored in a database...
on
28 Feb 2013
Wiki Page:
AD FS 2.0: Using RegEx in the Claims Rule Language
Joji Oshima
An Introduction to Regex The use of RegEx allows us to search or manipulate data in many ways in order to get a desired result. Without RegEx, when we do comparisons or replacements we must look for an exact match. Most of the time this is sufficient but what if you need to search or replace based...
on
28 Feb 2013
Wiki Page:
AD FS 2.0: Asserting the NameID Claim Type with Additional Properties
Adam Conkle - MSFT
Overview The SAML NameID claim type is a special claim type used to identify the principal of the session, and this claim type can be asserted containing only the value data, or you can also choose to assert additional NameID properties. Below, you will find a Claim Rule Language sample, which...
on
27 Feb 2013
Wiki Page:
AD FS 2.0: Understanding AutoCertificateRollover Threshold Properties
Adam Conkle - MSFT
Item Sample Value Description of Item Effect AutoCertificateRollover True Specifies whether the system will manage certificates for the administrator and generate new certificates before the expiration date of current certificates. ...
on
27 Feb 2013
Wiki Page:
AD FS 2.0: How to Consume RelayState to Automate Access to Relying Parties During IDP-Initiated Sign-On
Yagmoth555
“This article has been retired since a fix for this issue has recently been made available. For details about what RelayState issue was fixed, see Description of Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0 or Supporting Identity Provider Initiated RelayState .”
on
23 Feb 2013
Wiki Page:
AD FS 2.0: How To Modify The Duration of AutoCertificateRollover Certificates
Yagmoth555
Overview By default in AD FS 2.0, the self-signed certificates generated by AutoCertificateRollover are valid for 365 days. Although AD FS 2.0 will maintain these certificates for the service, it is the responsibility of the AD FS 2.0 administrator or the Claims Proivder/Relying Party partner administrator...
on
23 Feb 2013
Wiki Page:
Forefront UAG Troubleshooting: Event ID 161: The User Name Claim Type Is Missing from the Security Token
Richard Mueller
Symptoms — When end users attempt to access the Forefront UAG portal, they may receive the following message " The request cannot be completed. User details are missing. Contact the site administrator. " There may also be an event 161 in the event viewer or in the Web Monitor with the description...
on
22 Feb 2013
Wiki Page:
AD FS 2.0: How to Automatically Add the AD FS 2.0 Powershell Snap-in When Launching Powershell
Richard Mueller
If you often administer your AD FS 2.0 Federation Service using PowerShell, there is an easy way to automatically add the AD FS 2.0 PowerShell snap-in when the PowerShell console window is launched. Ove rview PowerShell loads a profile for the user when the console window is launched. We...
on
22 Feb 2013
Wiki Page:
AD FS 2.0: "The request specified an Assertion Consumer Service URL that is not configured on the relying party"
Yagmoth555
Symptoms Sign-in fails The following events are logged in the AD FS 2.0/Admin event log: Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 07/28/2011 05:15:28 PM Event ID: 364 Level: Error User: CONTOSO\ADMIN Computer: adfs.contoso.com Encountered error during federation...
on
21 Feb 2013
Wiki Page:
AD FS 2.0: How to Migrate Claim Rules Between Trusts
Yagmoth555
Overview This article demonstrates how to migrate claim rules from one trust in AD FS 2.0 to another trust in AD FS 2.0. This may be useful when you are creating multiple trust relationships which will utilize similar claim rules, or when you are migrating configuration data between test, staging...
on
19 Feb 2013
Page 1 of 4 (97 items)
1
2
3
4
Can't find it? Write it!
Post an Article