adfs2.0

问题 I am using ADFS 2.0 for authentication for my mvc 3.0 web app. I set my TokenLifeTime on my relying party to 1440 (24 hours), but when I step through my code after I log in I can see that the ValidTo date of the session token is only 600 mins (10 hours) from now. If I change TokenLifeTime to be less than 600 the datetime matches what I expect when I log in. i.e. if I set TokenLifeTime to 5, the ValidTo date on my session token is 5 mins from when I logged in. I haven't found any reference to

问题 I have the task to implement a accessibility to an Active Directory Federation Services (SSL) with a LDAP behind. At first I have to to say that my experience in ADFS and SAML is very small. I have decide to take the Spring Security SAML Extension to implement this feature. I download and install the SAML extension for the Spring Security project from GIThub: https://github.com/spring-projects/spring-security-saml I found in the official documentation http://docs.spring.io/spring-security

问题 I am trying to connect third party system with ADFS 2.0 using SSO. I created Relying party trust, and two claim rules Rule #1 c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc

问题 I want to configure ADFS to create single signon service and use the same for another web application. I am very new to this. Please suggest me how to do it or at least where to start. Thanks in advance for your time. 回答1: You can only install on Windows Server. If you want ADFS 2.0 you need Server 2008 R2. Install The latest (ADFS 3.0) is on Server 2012 r2. Update Is the application Java or .NET? You need a SAML client side stack - refer SAML : SAML connectivity / toolkit. You then take the

问题 ADFS 2.0, WIF (WS-Federation), ASP.NET: There is no http modules or any IdentityFoundation configuration defined in a web.config (like most WIF SDK samples show), instead everything is done via program code manually using WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessage classes. I do http redirect to ADFS in a code and it seems to work fine, returning claims and redirecting user back to my web site with serialized claims in http request. So the question is how

问题 Consider the below Sample Scenario: I have a Single Active Directory Domain for Production, Test and for development (each separated at OU level). I want to install ADFS at test OU level and I do not want users authenticated at test OU ADFS to have access (both read and write) to other OU's. Can this be possible ? Can we restrict ADFS 2.0 to work only under a particular OU ? 回答1: Though restricting ADFS 2.0 to work under a specific OU is not feasible (from the resources I read and IMHO), we

问题 I am also trying to explore the fedlet + adfs federation. What I have is: an adfs server installed on machine A. I have also added the fedlet as the relying part but when I enter the replying party federation metadata url and click on test url its throwing me his exception : An error occurred while reading the federation metadata. Verify that the url or the host-name is valid federation metadata endpoint. But I have added the certificate of fedlet in the relying part and also set the

问题 Using Windows Identity Foundation (WIF) in tandem with a Security Token Service (STS), is it possible to create complex claims that could satisfy a question such as: For a user with a claim to a role "Support", that user: Can only view and use resource1 CAN NOT update, create, or delete resource2 CAN NOT create, or delete resource3 Can only use and update resources with a "resource" tag. It's a necessarily contrived example but is this possible? I'm thinking I want to authorize the

问题 I am working on a asp.net web application that has is a part of TFS and is used by the development team. Recently as part of the project we setup ADFS and are now attempting to enforce authentication of the project to an ADFS server. On my development machine I have gone through the steps of adding STS reference which generates the Federation Meta-Data as well as updates the web.config file for the project. Authorization within the web.config uses thumbprint certification which requires me to

问题 The error: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer. The situation: I have 3 or 4 asp.net apps running on a single IIS server (my QA environment), that this morning began returning this error. I start out on an anonymous site, click a link to a secure section, get redirected to my federation services proxy, authenticate, and am