adfs2.0

How to create federation metadata XML for “Relying Party Trust” and “Claims Provider Trusts” for ADFS 2.0

跟風遠走 submitted on 2019-12-03 03:14:00
Question: One of our web apps would like to connect with an ADFS 2.0 server to get a credential token and check the user roles based on that. The ADFS server admin asked us to give them a federation metadata XML file to let them create Relying Party Trusts. I googled and only found how to download the ADFS server's federation metadata XML using the URL https://[adfs server name]/federationmetadata/2007-06/federationmetadata.xml But I couldn't find any guide to create a federation metadata XML for creating "

How to create federation metadata XML for “Relying Party Trust” and “Claims Provider Trusts” for ADFS 2.0

半腔热情 submitted on 2019-12-02 16:44:58
One of our web apps would like to connect with an ADFS 2.0 server to get a credential token and check the user roles based on that. The ADFS server admin asked us to give them a federation metadata XML file to let them create Relying Party Trusts. I googled and only found how to download the ADFS server's federation metadata XML using the URL https://[adfs server name]/federationmetadata/2007-06/federationmetadata.xml But I couldn't find any guide to create a federation metadata XML for creating "Relying Party Trust" and "Claims Provider Trusts". Is there a tool for creating those metadata

unable to generate SAML metadata file

回眸只為那壹抹淺笑 submitted on 2019-12-02 10:36:29
I'm using AngularJS and Spring Security in a web application. We were using basic authentication and now we are trying to put in place SAML for SSO login. As we are using Java-based annotations, I tried to follow this example; I just added the securityConfig part to my application along with the loadUserBySAML service. I also configured my ADFS service in Active Directory and generated the federationmetadata.xml file; however, I wasn't able to generate the metadata.xml file. When I try http://localhost:8080/myapp/saml/metadata I get 404 not found. I'm sure that I've missed something, but what?

SAML error for SSO with ADFS - MSIS0038: SAML Message has wrong signature

笑着哭i submitted on 2019-12-01 18:28:06
Hi, I am trying to use SSO to authenticate my client's users directly to my website. My client's IDP is Microsoft ADFS and I am using Passport-SAML (https://github.com/bergie/passport-saml) to configure the SSO process. After getting to a special URL I give my client (example: www.myClient.myCompany.com), the user (unauthenticated) is, as expected, redirected to the client login page. After he enters his credentials, he remains stuck on the login page BUT the SSO works because the user is authenticated, meaning that if he opens a new tab and goes to www.myClient.myCompany.com, he will be redirected to

How can I imitate Stack Overflow's SSO? Particularly where it federates with serverfault.com?

…衆ロ難τιáo~ submitted on 2019-12-01 18:05:11
How does Stack Overflow's SSO work? ... whatever it is they are doing, it seems to work for all sites in the network. I'd like to learn what Stack is doing so I can see if it's possible to get a similar registration scheme between http://perfmon.com and http://eventvwr.com under ADFS. I understand that SAML and OpenID are different animals, but the concept of transparent registration should be the same. Q: How does Stack Overflow "federate" with the other sites such as serverfault? "OpenID, One Year Later" on the SO blog explains how they solve the problem. Also, there is a post on the new Global

ADFS v2.0 Error : MSIS7042: The same client browser session has made '6' requests in the last '1' seconds

亡梦爱人 submitted on 2019-12-01 04:38:01
Folks, I've got an ASP.NET MVC application that I am attempting to secure using the Release Candidate version of ADFS v2.0 (Geneva). I have configured the application as a relying party trust, and I've used Fedutil.exe to modify the application's Web.config so that it has the information about the Geneva server and uses the Geneva server as its claims source. However, when I try and hit the MVC app, it redirects to Geneva, which then (after warning me about self-signed certs) re-directs me to the MVC app again. After accepting both self-signed cert warnings, the two servers play ping-pong with

ADFS v2.0 Error : MSIS7042: The same client browser session has made '6' requests in the last '1' seconds

放肆的年华 submitted on 2019-12-01 02:33:16
Question: Folks, I've got an ASP.NET MVC application that I am attempting to secure using the Release Candidate version of ADFS v2.0 (Geneva). I have configured the application as a relying party trust, and I've used Fedutil.exe to modify the application's Web.config so that it has the information about the Geneva server and uses the Geneva server as its claims source. However, when I try and hit the MVC app, it redirects to Geneva, which then (after warning me about self-signed certs) re-directs me to

ADFS 2.0 InvalidNameIDPolicy

Deadly submitted on 2019-12-01 02:20:43
I've configured an app on the ADFS relying party trusts, so I can log in using ADFS/SSO. After that I installed simplesamlphp to deal with that login and process the SAML response. This is my authsources config: 'myauth' => array( 'saml:SP', 'idp' => 'http://domain/adfs/services/trust', 'privatekey' => 'saml.key', 'certificate' => 'saml.crt', ), but after the login, on the return POST I get the following error: Exception during login: sspmod_saml_Error: Requester/InvalidNameIDPolicy Backtrace: 3 /home/......../adfs/simplesamlphp/modules/saml/lib/Message.php:376 (sspmod_saml_Message:

Pass ADFS Token to a Service

只愿长相守 submitted on 2019-11-30 23:24:23
I have 2 ASP.Net applications: App1 and App2. Both applications are standard web apps that use WIF with the same ADFS server to authenticate the user, but App2 also exposes some WebAPI services. When the user goes to App1, App1 calls a service on App2 and I need to somehow call the App2 service with the user's token. If the user, themselves, were calling the service on App2, they would go through the same ADFS authentication and everything would work, but it's App1 that's calling the service on App2, not the user. Any thoughts on how this might be done? Thanks! You can use WS-Trust (ActAs) to

Authenticate user by ADFS (Active Directory Federation Service)

天大地大妈咪最大 submitted on 2019-11-30 22:24:26
I need to check whether a particular user exists or not in Active Directory by ADFS. So, I want my ADFS to check user authentication by UserName/Password. Could anybody please provide the sample code or a tutorial for the same? Thanks in advance! To use Username/Password authentication you can use the trust/13/UsernameMixed endpoint of the ADFS 2.0. This does NOT check if the user exists in the Active Directory! In code you request the token like this: WSTrustChannelFactory adfsfactory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), StsEndpoint)