adfs2.0

NTLM authentication to AD FS for non-IE browser without 'Extended Protection' switched off?

大兔子大兔子 submitted on 2019-11-30 20:27:36
When using NTLM authentication to AD FS 2.0, from Google Chrome or Firefox 3.5+ running on Windows, then this results in a repeated sign-in dialog and finally sign-in failure, with 'Audit Failure' events with "Status: 0xc000035b". This can be 'solved' by switching off 'Extended Protection' for the "/adfs/ls" web application in IIS. This is documented in several places; see my answer to another StackOverflow question for details. My question is: How can one make NTLM authentication to AD FS work for these browsers without switching off 'Extended Protection'? I mean, in Internet Explorer this

How to access AD FS claims by User's credential?

為{幸葍}努か submitted on 2019-11-30 14:18:08
Question: As I am developing a WCF web service to make an intermediator between user's login action and their active directory roles and permissions. I don't want my host application to directly talk to AD FS. I want any host application to use my web service and it will provide necessary information on the basis of given credential. In my web method I need to get claims from AD FS (WIF) by user's login credentials. My web method will have two input parameters, the Windows User's Email Id / Windows

How to access AD FS claims by User's credential?

核能气质少年 submitted on 2019-11-30 10:28:36
As I am developing a WCF web service to make an intermediator between user's login action and their active directory roles and permissions. I don't want my host application to directly talk to AD FS. I want any host application to use my web service and it will provide necessary information on the basis of given credential. In my web method I need to get claims from AD FS (WIF) by user's login credentials. My web method will have two input parameters, the Windows User's Email Id / Windows Account Name and the Password. So, I want to access AD FS claims in my web method by given user's

ADFS 2.0 time out and relation between Freshness Value, TokenLifetime and WebSSOLifetime parameters

依然范特西╮ submitted on 2019-11-30 09:02:31
Question: I am interested to know the relation between Freshness Value, TokenLifetime and WebSSOLifetime parameters in ADFS 2.0 time out scenario. I have already done my bit of analysis on this and I am yet to get a clear picture.

Answer 1: I have collected the below details w.r.t ADFS timeout through several sources. There are two major timeouts involved in the ADFS configuration: WebSSOLifetime – Server wide timeout parameter – Default value = 480 mins TokenLifetime – This is configured for each Relying

NTLM authentication to AD FS for non-IE browser without 'Extended Protection' switched off?

南楼画角 submitted on 2019-11-30 05:24:50
Question: When using NTLM authentication to AD FS 2.0, from Google Chrome or Firefox 3.5+ running on Windows, then this results in a repeated sign-in dialog and finally sign-in failure, with 'Audit Failure' events with "Status: 0xc000035b". This can be 'solved' by switching off 'Extended Protection' for the "/adfs/ls" web application in IIS. This is documented in several places; see my answer to another StackOverflow question for details. My question is: How can one make NTLM authentication to AD FS

ADFS authentication - IE8 works, Chrome fails

牧云@^-^@ submitted on 2019-11-30 04:52:21
So, I have a web site configured for ADFS 2.0 authentication... For IE, it works fine and authenticates correctly. For Chrome, it reaches the redirect to the AD FS server and asks to authenticate, but could not authenticate. I tried to inspect the requests using Fiddler but it shows nothing interesting: it shows that we redirect to ADFS for authentication but nothing more. What could it be? Why is it impossible to authenticate in Chrome? Thanks.

In the event viewer you will see an 'Audit Failure' event with "Status: 0xc000035b". You can circumvent this problem by switching off 'Extended Protection' for the adfs/ls web

Differences between SP initiated SSO and IDP initiated SSO

半腔热情 submitted on 2019-11-29 18:58:38
Can anyone explain to me what the main differences between SP initiated SSO and IDP initiated SSO are, including which would be the better solution for implementing single sign on in conjunction with ADFS + OpenAM Federation? In IDP Init SSO (Unsolicited Web SSO) the Federation process is initiated by the IDP sending an unsolicited SAML Response to the SP. In SP-Init, the SP generates an AuthnRequest that is sent to the IDP as the first step in the Federation process and the IDP then responds with a SAML Response. IMHO ADFSv2 support for SAML2.0 Web SSO SP-Init is stronger than its IDP-Init

How to set the timeout properly when federating with the ADFS 2.0

天大地大妈咪最大 submitted on 2019-11-29 18:35:11
Question: I have been using ADFS 2.0 for quite some time and I understand how things work. I've done dozens of custom RPs, custom STSes as well as using the ADFS as the relying STS. However, I have a simple requirement which I still fail to fulfill. I want my users to be forced to relogin after some fixed time. Let's say 1 minute, for test purposes. First, I've made some corrections at the RPs side. It seems that for an unknown reason, the RP retains the session even if the token's validTo points back in time.

ADFS 2.0 time out and relation between Freshness Value, TokenLifetime and WebSSOLifetime parameters

末鹿安然 submitted on 2019-11-29 11:02:39
I am interested to know the relation between Freshness Value, TokenLifetime and WebSSOLifetime parameters in ADFS 2.0 time out scenario. I have already done my bit of analysis on this and I am yet to get a clear picture.

I have collected the below details w.r.t ADFS timeout through several sources. There are two major timeouts involved in the ADFS configuration: WebSSOLifetime – Server wide timeout parameter – Default value = 480 mins TokenLifetime – This is configured for each Relying party – Default value = 10 hours WebSSOLifetime: This is a server wide setting which applies to all the RP’s

Does ADFS2.0 provide custom authentication stores?

房东的猫 submitted on 2019-11-29 08:52:58
I wanted to find out if ADFS2.0 provides a way for users to be authenticated with a Custom Store? Version 1.0 you could only authenticate users in the Windows domain, using Forms/Windows Integrated/Cardspace. I have an ASP.NET website, which I would like the users to be authenticated against a custom store in SQL and then ADFS2.0 to take care of the claims issued to the user...

That's not entirely true. While in its default form, ADFS v2.0 only allows you to authenticate against Active Directory, there is a hybrid approach. You can set the authentication type to forms (modify the Web.config