adfs2.0

问题 I have implemented session sliding using in my customehttphandler module. I am trying to acheive session sliding as well as getting authenticated on multiple website which share same ADFS server. public void SessionAuthenticationModuleSessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e) { SessionSecurityToken token = e.SessionToken; DateTime nowUtc = DateTime.UtcNow; DateTime validFrom = token.ValidFrom; DateTime validTo = token.ValidTo; double totalMinutes =

问题 I have a main web-site that uses passive federation (ADFS 2.0) This website has javascript that calls out to an MVC Web API site using jsonp. I am trying to get this WebAPI to participate in Single Sign On (same machine, different port). However the passive redirects break the jsonp. (The STS returns its own script which the browser renders and i never get to redirect to the real url for my response script) Is passive federation compatible with a jsonp webapi? If not, how do I use Active

问题 Can you guys help me out on how to send DN in a claim from ADFS 2.0? Thanks! 回答1: There doesn't seem to be a standard URI for DN but you can always roll your own. The ADFS claims rules box is actually configurable - refer ADFS : Selecting claim that's not in the default drop down So in the "LDAP Attribute" enter "DN" and in the "Outgoing Claim Type" enter something like "http://company.com/identity/claims/DistinguishedName". Edited: LDAP attributes see here : Selected LDAP Attributes 回答2: c:

问题 When i access my fedlet it redirects me to adfs login screen wherein I enter my credential and then from that login page I am redirect to the fedlet application page where it shows "HTTP Status 500 - Null input " exception. I am not getting what must be going wrong. Please can anyone help me with the solution. am also enclosing the decoded response sent back to help : " http://aaa.domain.com/adfs/services/trust CN=sso_te, OU=IT, O=comapnyname 1352204053 fHQDdZB2QYtpvmkjA+k

问题 I have my app built and deployed in Azure, utilizing ADFS for authentication. When I access my app, it redirects me to the ADFS log-in page. I log in, and then it redirects me back to my app, where I encounter the following exception: Exception information: Exception type: SecurityTokenException Exception message: ID4014: A SecurityTokenHandler is not registered to read security token ('BinarySecurityToken', 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd').

问题 I want to use Jasig CAS (Apereo CAS), but in authentication delegation with IdP. My question is : it is possible to configure CAS for delegate authentification with two IdP ? How can I do that ? How did the WAYF ? And in the best possible way that must run with 2 ADFS :) I see that (cas-pac4j) : http://jasig.github.io/cas/development/integration/Delegate-Authentication.html But I don't see if it is possible to configure 2 IdP. Thanks 回答1: I make my WAYF application with CAS 4.1.3 and Pac4J 1

问题 Is it possible to use an Azure virtual machine as an Active Directory server with ADFS 2.0 and integrate it with ACS ? Regards , James Roeiter 回答1: Having AD server (with RMS also) in cloud is an ask which I have heard time to time from Azure users and it sure is a great addition to have it running in Windows Azure or any cloud. Various organization's IT is asking the same as well however As of now with current Windows Azure it is not possible. A few might suggest that using Windows Azure VM

问题 Imagine the following scenario. User visits a site A (ASP.NET), authenticates using ADFS and gets a set of claims . At some point, they need to register for an additional service so they are redirected to a provisioning site B (ASP.NET) (also using ADFS – so SSO) where they register by entering their relevant details and are redirected back to A. However, part of the provisioning process added attributes to a repository (normally AD) and we would like those attributes to form part of their

问题 I am able to authenticate the user using ADFS and succeded in getting the user alias using the below statement. Since some time, i am looking for a way in getting the other claims of the authenticated user, like email, name, roles, username etc. Any help on this would be appreciated. string alias = ((MicrosoftAdfsProxyRP.MicrosoftPrincipal)HttpContext.Current.User).Alias; Response.Write (alias); 回答1: The Claims way of getting the other claims is as follows. IClaimsPrincipal claimsPr =

问题 I have a Federated Authentication Server that is fully operational, Azure Synced, Office 365 Synced and local. Every part of the configuration works flawlessly. The issue that i am having is that There is no trace of any Web Directory Files, I have looked in every location, and the virtual directories do no exist on my Federation Proxy or Federation Server. I am trying to edit the Log in pages or create a new form. Where are these files? or how can i create them so The federation server