What information/details are in the ADFS request?

  • Question

  • Hey guys, can anyone tell me what information is contained in the ADFS request?

    I know it has the UPN but does it also have things like Windows account name, IP address?

    Any other details?

    Wednesday, August 23, 2017 12:51 AM

Answers

  • AAD Connect attributes.

    https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized

    The data passed from the client to ADFS depends on the protocol but there is very little client information. It's more things like date, encryption, signing, the issuer, the audience etc.

    You wouldn't use any of these typically for conditional access. That's more around groups.

    Thursday, August 24, 2017 2:13 AM
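As an added example (not code from this thread) of what the answer above describes, the following Python decodes the two browser-side sign-in requests an ADFS farm federated with Office 365 accepts: the WS-Federation redirect to /adfs/ls/ and a SAML 2.0 AuthnRequest in the HTTP-Redirect binding. Both sample requests are constructed; sts.contoso.com, the request ID and the state values are placeholders, while the relying-party identifier urn:federation:MicrosoftOnline and the parameter names are the real ones. Running it shows that the only user-related value is an optional login hint (the username parameter on the WS-Fed side, a Subject/NameID on the SAML side); everything else is the action, the relying party, opaque state, a timestamp and, for a signed redirect, the signature parameters. The client's IP address is in neither message: ADFS takes it from the connection (or from the Web Application Proxy's forwarded header) and surfaces it to claim rules as a request-context claim (x-ms-client-ip / x-ms-forwarded-client-ip), which is where an IP-based access rule would read it from.

```python
"""What a browser actually sends to ADFS in a federated sign-in.

Added example, not from the original thread. Both requests below are
constructed samples; host names, identifiers and state values are placeholders.
"""
import base64
import zlib
from urllib.parse import urlsplit, parse_qs, urlencode
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Query parameters ADFS accepts on a WS-Federation passive sign-in request.
WSFED_PARAMS = ("wa", "wtrealm", "wreply", "wctx", "wct", "wauth", "whr", "wfresh")

# Constructed sample of the redirect the Office 365 sign-in sends the browser to
# for a federated tenant. 'username' is a login hint, not an authenticated identity.
WSFED_URL = (
    "https://sts.contoso.com/adfs/ls/?"
    "username=alice%40contoso.com"
    "&wa=wsignin1.0"
    "&wtrealm=urn%3Afederation%3AMicrosoftOnline"
    "&wctx=estsredirect%3D2%26estsrequest%3DOPAQUE-STATE"
    "&wct=2017-08-23T00%3A51%3A00Z"
)

# Constructed sample SAML-P request for the same relying party.
SAML_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_constructed-request-1" Version="2.0" IssueInstant="2017-08-23T00:51:00Z"
    Destination="https://sts.contoso.com/adfs/ls/"
    AssertionConsumerServiceURL="https://login.microsoftonline.com/login.srf"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>urn:federation:MicrosoftOnline</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>"""


def parse_wsfed_signin(url: str) -> dict:
    """Return the fields of a WS-Federation sign-in redirect to /adfs/ls/.

    Apart from the optional login hint, every field describes the exchange
    (action, relying party, opaque state, timestamp), not the client machine.
    """
    query = parse_qs(urlsplit(url).query)
    if query.get("wa", [None])[0] != "wsignin1.0":
        raise ValueError("not a WS-Federation sign-in request")
    fields = {k: query[k][0] for k in WSFED_PARAMS if k in query}
    if "username" in query:
        fields["login_hint"] = query["username"][0]
    return fields


def encode_saml_redirect(xml_text: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64."""
    deflater = zlib.compressobj(level=9, wbits=-15)
    raw = deflater.compress(xml_text.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")


def build_saml_redirect(sts_url: str, xml_text: str, relay_state: str) -> str:
    """Assemble the URL a SAML service provider would redirect the browser to."""
    return sts_url + "?" + urlencode(
        {"SAMLRequest": encode_saml_redirect(xml_text), "RelayState": relay_state}
    )


def parse_saml_redirect(url: str) -> dict:
    """Return the fields of a SAML 2.0 AuthnRequest carried in the Redirect binding."""
    query = parse_qs(urlsplit(url).query)
    xml_bytes = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML AuthnRequest")
    attrs = ("ID", "Version", "IssueInstant", "Destination",
             "AssertionConsumerServiceURL", "ProtocolBinding")
    fields = {k: root.attrib[k] for k in attrs if k in root.attrib}
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is not None:
        fields["Issuer"] = issuer.text
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    if policy is not None:
        fields["NameIDFormat"] = policy.attrib.get("Format", "")
    # A Subject/NameID in the request is the SAML equivalent of the 'username' hint.
    name_id = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if name_id is not None:
        fields["login_hint"] = name_id.text
    if "RelayState" in query:
        fields["RelayState"] = query["RelayState"][0]
    if "Signature" in query:  # Redirect-binding signatures travel as separate query params
        fields["SigAlg"] = query.get("SigAlg", [""])[0]
    return fields


if __name__ == "__main__":
    saml_url = build_saml_redirect(
        "https://sts.contoso.com/adfs/ls/", SAML_AUTHN_REQUEST, "OPAQUE-STATE")
    for name, parsed in (("WS-Federation", parse_wsfed_signin(WSFED_URL)),
                         ("SAML-P", parse_saml_redirect(saml_url))):
        print(name)
        for key, value in parsed.items():
            print(f"  {key:28} {value}")
```

Point a real capture at the same functions by pasting the Location header of the redirect into parse_wsfed_signin or parse_saml_redirect; a POST-binding SAMLRequest is base64 only, without the DEFLATE step, so it needs base64.b64decode followed directly by ET.fromstring.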

All replies

  • What do you mean by the ADFS request?

    Login / logout?

    Protocol - SAML / WS-Fed / OpenID Connect? The format is different for each.

    Or do you mean the claims returned in the token?

    Wednesday, August 23, 2017 3:00 AM
  • Sorry, I should have provided some more information.

    I currently have ADFS 2016 configured and federated with Office365.

    My ADFS experience is virtually zero, so from what I understand, when I go to the O365 portal I get redirected to my ADFS page where I enter my credentials which the ADFS/DCs authenticate.

    I'd like to know what information is passed from the client to the ADFS server in order to process that authentication.

    This leads on to my ultimate goal of creating conditional access rules. To create these rules, ideally I need to know what information is contained in the authentication process.

    Hope that makes sense.

    Wednesday, August 23, 2017 4:21 AM
  • Use following claims aware sample app. It will give you more information and would be helpful in configuring conditional access.

    https://blogs.technet.microsoft.com/tangent_thoughts/2015/02/20/install-and-configure-a-simple-net-4-5-sample-federated-application-samapp/

    -----SunDeep------

    Script your own Destiny

    Friday, August 25, 2017 7:21 PM