adfs

Configuring ADFS 3.0 / SAML 2.0 to work with Spring Security for SSO integration

為{幸葍}努か submitted on 2019-12-20 02:46:09
Question: I followed chapter 12.0 instructions about using spring with adfs as IdP from here: http://docs.spring.io/spring-security-saml/docs/1.0.x-SNAPSHOT/reference/pdf/spring-security-saml-reference.pdf But I have an exception when I test the SSO: org.opensaml.common.SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration. I added the rule NameID as described in the document. We use ADFS 3.0 on a server and Tomcat on

SAML error for SSO with ADFS - MSIS0038: SAML Message has wrong signature

江枫思渺然 submitted on 2019-12-20 01:32:10
Question: Hi, I am trying to use SSO to authenticate my client's users directly to my website. My client's IDP is Microsoft ADFS and I am using Passport-SAML (https://github.com/bergie/passport-saml) to configure the SSO process. After getting to a special URL I give my client (example: www.myClient.myCompany.com), the user (unauthenticated) is, as expected, redirected to the client login page. After he enters his credentials, he remains stuck in the login page BUT the SSO works because the user is

How can I imitate Stack Overflow's SSO? Particularly where it federates with serverfault.com?

穿精又带淫゛_ submitted on 2019-12-19 18:23:25
Question: How does Stack Overflow's SSO work? ... whatever it is they are doing it seems to work for all sites in the network. I'd like to learn what Stack is doing so I can see if it's possible to get a similar registration scheme between http://perfmon.com and http://eventvwr.com under ADFS. I understand that SAML and OpenID are different animals, but the concept of transparent registration should be the same. Q: How does Stackoverflow "federate" with the other sites such as serverfault? Answer 1: OpenID,

Using ADFS OAuth Refresh Token

时光毁灭记忆、已成空白 submitted on 2019-12-19 04:04:34
Question: I have ADFS3 OAuth2 configured to return Refresh Tokens:

PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -IssueOAuthRefreshTokensTo AllDevices
PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -TokenLifetime 10
PS> Set-AdfsProperties -SSOLifetime 480

Here the Access Token lasts for 10 minutes and the Refresh Token lasts for 480 minutes. I then generate an Access Token by GETing: https://myadfsdomain/adfs/oauth/authorize ?response_type=code &client_id=MYCLIENTID &redirect_uri=https:/

ADFS as OAuth2 provider / Authentication server possible?

不打扰是莪最后的温柔 submitted on 2019-12-19 03:36:25
Question: We want to set up ADFS 3.0 to enable OAuth2 based authentication. I have read lots of documentation, but am still unclear if this is supported. Can ADFS be used as an authorization server for OAuth, or is OAuth2 support in ADFS only meant to work as a client to another authorization server? Any help for setting up ADFS as OAuth provider/server is appreciated. Answer 1: In ADFS 2012R2 (aka ADFS 3.0), we only support the authorization grant flow. The only scenario is for public clients (say a mobile

Azure/web-farm ready SecurityTokenCache

别说谁变了你拦得住时间么 submitted on 2019-12-18 10:53:35
Question: Our site uses ADFS for auth. To reduce the cookie payload on every request we're turning IsSessionMode on (see "Your fedauth cookies on a diet"). The last thing we need to do to get this working in our load balanced environment is to implement a farm ready SecurityTokenCache. The implementation seems pretty straightforward, I'm mainly interested in finding out if there are any gotchas we should consider when dealing with SecurityTokenCacheKey and the TryGetAllEntries and TryRemoveAllEntries

What's the difference between ADFS, WIF, WS Federation, SAML, and STS?

非 Y 不嫁゛ submitted on 2019-12-18 09:54:13
Question: These are numerous technologies and buzzwords used for single sign-on with Microsoft services. Can someone explain ADFS, WIF, WS Federation, SAML, and STS (Security token service), including where and when each is being used? Answer 1: From a big picture viewpoint: Assume an ASP.NET browser-based application that requires authentication and authorization. The application can roll its own or it can outsource it. WIF is a .NET library that allows ASP.NET to implement this outsourcing. It talks to an

Implementing Office 365 single sign-on using custom authentication/claims provider in ADFS 3.0 (RE: AADSTS90019)

廉价感情. submitted on 2019-12-18 09:46:29
Question: I have a new Claims Provider Trust successfully configured in ADFS 3.0 that allows us to use a separate SAML IdP and let ADFS 3.0 be the SP. We now see "You are signed in" when we go through our SAML IdP. So this part works fine (SSO into ADFS 3.0). However, attempting to access Office 365 apps now returns the following error at https://login.microsoftonline.com/login.srf: AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials. Any