Browse by Tags

Tagged Content List
  • Wiki Page: AD FS 2.0: Dynamic Claim Types

    Dynamic Claim Types There is data stored about a user in a SQL database (or other attribute store). The data stored about the user in the database needs to be a part of the claim type and not the value of the claim. For example, properties “Redmond” and “Building3” stored in a database...
  • Wiki Page: AD FS 2.0: Using RegEx in the Claims Rule Language

    An Introduction to Regex The use of RegEx allows us to search or manipulate data in many ways in order to get a desired result. Without RegEx, when we do comparisons or replacements we must look for an exact match. Most of the time this is sufficient but what if you need to search or replace based...
  • Wiki Page: AD FS 2.0: Configuration options for shared computers and kiosks

    Introduction Using claims aware applications on a shared computer or kiosk adds additional challenges for configuration. One common challenge faced by administrators is with users gaining access to applications as the previous user. Scenario: - User A browses to a claims aware application...
  • Wiki Page: AD FS 2.0: Domain Local Groups in a claim

    Introduction The basic method for adding group memberships into claims is using Send LDAP Attributes as Claims and picking one of the tokenGroups options. This method works for global and universal groups, but will leave out any domain local groups. The primary reason for this is there is no intuitive...
  • Wiki Page: AD FS 2.0 RelayState Generator

    Introduction The ability to generate RelayState in AD FS 2.0 was added in Rollup 2. To do this you must run through the following process. URL Encode the relying party's identifier URL Encode the RelayState to send Take both values of both, and add them to this string: RPID= <URL...
  • Wiki Page: AD FS 2.0: Windows service does not start, does not start automatically, or starts slowly

    Overview The AD FS 2.0 service takes a long time to start and restart The AD FS 2.0 service may fail to start upon login The AD FS 2.0 service may fail to start altogether The AD FS 2.0 server does not have outbound Internet access Disable Authenticode Signing Verification ...
  • Wiki Page: AD FS 2.0: Claims to work with shadow accounts

    Introduction When using AD FS 2.0, it may be beneficial to use shadow accounts in some situations. One reason may be that the service accesses back-end resources that require a Windows token. The Claim to Windows Token Service (c2WTS). This article is intended to focus on the AD FS 2.0 perspective...
  • Wiki Page: AD FS 2.0: Selectively send group membership(s) as a claim

    You can send group membership as claims by using the built in templates Create a new rule, choose “Send LDAP Attributes as Claims” Choose Active Directory as the Attribute Store, and choose the LDAP Attribute “Token-Groups – Unqualified Names” and the claim type as “Group” This will send...
  • Wiki Page: Configuring TMG as an AD FS 2.0 Proxy

    Table of Contents TMG vs the AD FS 2.0 proxy Basic setup of TMG 2010 Installing TMG 2010 Configure Network Settings Configure System Settings Define Deployment Options Configure Firewall Policy Configure Policy Validating Your Configuration Troubleshooting Alternate Configurations Listener Authentication...
  • Wiki Page: Automatic Login to SharePoint 2010 with AD FS 2.0 & WS-Federation

    Table of Contents Introduction Pre-formatted Link Sample URL Broken Down Removing or Separating Windows Authentication Links Introduction Consider the situation where you have a SharePoint 2010 site secured by AD FS 2.0 and you have a partner that accesses this application that also uses AD...
  • Wiki Page: Understanding Claim Rule Language in AD FS 2.0 & Higher

    Table of Contents Introduction Understanding Claim Sets General Syntax of the Claim Rule Language Condition Statements Issuance Statements Multiple Conditions Combining Values Aggregate Functions Using Regular Expressions Querying Attribute Stores SQL Attribute Stores LDAP Attribute Stores Links to Additional...
  • Wiki Page: The Windows Azure Pack Wiki (#WAPack)

    Table of Contents Solutions and Design Guidance Windows Azure Services for Windows Server Windows Azure Pack (WAP) Windows Azure Pack - Authentication Service Provider Foundation (SPF) Usage and Billing Service Request Management (SRM) VM Role Service Management Automation (SMA) Database as a Service...
  • Wiki Page: Office 365 – Cloud Configuration – Live

    The transition to the Microsoft cloud is not to be taken lightly. The planning and processes involved in transitioning from an established infrastructure to a cloud environment is a major undertaking and will be able to save money after moving to Microsoft Office 365. Microsoft is encouraging organizations...
  • Wiki Page: AD FS Content Map

    This Active Directory Federation Services wiki page is intended to act as a content map for all members of the AD FS community. Members of the AD FS product team will occasionally monitor this article and...
  • Wiki Page: Share AD RMS Protected Content when Partners Do Not Have an AD RMS Installation

    Here, we consider five different ways to securely collaborate with partners who have not installed AD RMS. Creating a separate account store for your partner users is the most conceptually basic solution. In this scenario, create a separate Active Directory forest with an AD RMS cluster and set...
  • Wiki Page: Windows Server 2012 R2 - AD FS: Migrate Your AD FS Configuration Database from WID to SQL Server

    AD FS can be configured to store its configuration data in the Windows Internal Database (WID) or an instance of SQL Server. The WID option may be sufficient for many usage scenarios. If you have outgrown the WID option, take the following steps to upgrade to SQL server: Backup ADFS server Open...
  • Wiki Page: Office 365 Knowledge Base Library

    Table of Contents Office 365 general Office 365 security Office 365 licensing Office 365 billing Office 365 end user training Network DNS Azure Active Directory Provisioning Authentication Microsoft Identities Domain management Federated authentication Federated authentication Planning Federated authentication...
  • Wiki Page: Office 365 Lessons Learnt

    Table of Contents Exchange Online Recoverable Items folder quota Move mailbox fails Cannot off-board remote mailbox Synchronize Public Folders to Distribution Groups in Office 365 Cannot send mail after changing certificate Offboarding mailboxes fails SOME move requests fail Issue: SOME move...
  • Wiki Page: AD FS 2.0: How to Enable and Immediately Use AutoCertificateRollover

    When the GUI Initial Configuration Wizard (ICW) of AD FS 2.0 has been executed, AutoCertificateRollover is automatically enabled by default and the token-signing and token-decrypting certificates are self-signed and maintained by the AD FS 2.0 service. When the command line ICW of AD FS 2.0 has...
  • Wiki Page: AD FS 2.0: Migrate Your AD FS Configuration Database to SQL Server

    The AD FS configuration database stores all the configuration data that represents a single instance of AD FS 2.0 (also known as the Federation Service). You can store this configuration data in either a Microsoft SQL Server® database or using the Windows Internal Database. The Windows Internal Database...
  • Wiki Page: AD FS 2.0: How to Manually Run the AD FS 2.0 Initial Configuration

    There may come a time when you need to run the Active Directory Federation Services (AD FS) 2.0 Initial Configuration again and you might not want to have to reinstall AD FS 2.0 to get there. The AD FS 2.0 MMC prompts you to run the Initial Configuration one time after installation. Once this is done...
  • Wiki Page: AD FS 2.0: The Admin Event Log Shows Error 111 with System.ArgumentException: ID4216

    Table of Contents Symptoms Cause Resolution Symptoms When a user browses to a relying party (RP) application in which the IP-STS or RP-STS is AD FS 2.0, the user provides credentials to the STS and subsequently fails before the STS response is posted either to the RP or the RP-STS...
  • Wiki Page: Windows Identity Foundation (WIF): A Potentially Dangerous Request.Form Value Was Detected from the Client (wresult="<t:RequestSecurityTo...")

    Table of Contents Symptoms Cause Resolution More Information Symptoms While processing an RSTR (Request for Security Token Response), System.Web throws the following exception: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client...
  • Wiki Page: ASP.NET AJAX Web Application With Federated Authentication

    Back to Windows Azure Active Directory Solutions For Developers “Claims Aware AJAX Application” code sample available with Windows Identity Foundation SDK. See Also ASP.NET Portal
  • Wiki Page: AD FS 2.x: When a User is Not Authorized Access to a Relying Party, Redirect the User to a Specific Location

    Overview Consider the following scenario: You have deployed AD FS 2.x, and you wish to provide granular access to specific relying parties by utilizing Issuance Authorization Rules on each Relying Party Trust As an example, you have Contoso SharePoint as a relying party, and you wish to only...
Page 1 of 6 (136 items)