TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Microsoft Edge
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Skype for Business
See all products »
Resources
Channel 9 Video
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Windows Update
Trials
Windows Server 2016
System Center 2016
Windows 10 Enterprise
SQL Server 2016
See all trials »
Related Sites
Microsoft Download Center
Microsoft Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Expert-led, virtual classes
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
Microsoft Official Courses On-Demand
Certifications
Certification overview
Special offers
MCSE Cloud Platform and Infrastructure
MCSE: Mobility
MCSE: Data Management and Analytics
MCSE Productivity
Other resources
Microsoft Events
Exam Replay
Born To Learn blog
Find technical communities in your area
Azure training
Official Practice Tests
Support options
For business
For developers
For IT professionals
For technical support
Support offerings
More support
Microsoft Premier Online
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Skip to locale bar
Get this Tag RSS feed
Translate this page
Powered by
Microsoft® Translator
Popular Tags
Active Directory
AD
AD DS
adfs
ASP.NET
azure
BizTalk
BizTalk Server
BizTalk Server 2010
C#
Candidate for deletion
certification
cloud
core docs
de-DE
EAA
Ed Price
Ed's Stub Pages
en-US
ESA
es-ES
Excel
Exchange
Exchange 2010
fa-IR
Fernando Lugao Veltem
FIM
FIM 2010
FIM Resources
FIM-HELP
forefront
forums
fr-FR
Gokan Ozcifci
has code
has comment
has comments
has image
has Images
has Other Languages
has See Also
Has Table
Has TOC
Horizon_Net
How To
Hyper-V
id-ID
IIS
Italian Wiki Articles
it-IT
ja-JP
Jordano Mazzoni
Link Collection
Luciano Lima
Luigi Bruno
Lync Server 2010
MIISILMFIM MACAULAY
Multi Language Wiki Articles
needs work
operations manager
Pirated Content
Portal
Português Brasil
PowerShell
pt-BR
security
SharePoint
SharePoint 2010
SharePoint 2013
SharePoint Pirate
Small Basic
solucionando problemas
SQL Server
SQL Server 2012
stub
System Center
System Center 2012
TechNet Guru
TechNet Wiki
TechNet Wiki Featured Article
tonyso
Translated into Japanese
troubleshooting
tr-TR
vídeo
Video
Virtualization
VMM
Wiki
Windows
Windows 7
Windows 8
Windows Azure
Windows Server
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
yottun8
اکتیو دایرکتوری
Browse by Tags
>
TechNet Articles
>
All Tags
>
AD FS 2.0
Tagged Content List
Wiki Page:
Windows Identity Foundation (WIF): How to Protect Static Content with the Federation Authentication Module (FAM)
Fernando Lugão Veltem
Table of Contents Summary More Information Summary The most common scenario for protecting a web application with the Windows Identity Foundation (WIF) Federation Authentication Module (FAM) is to use ASP.NET content. Using FedUtil.exe (WIF SDK) to configure your web.config file works fine in...
on
21 May 2012
Wiki Page:
AD FS 2.0: Federation Server Proxy Servers Fail to Authenticate Users, Events 248 and 996 Logged
Fernando Lugão Veltem
Table of Contents Symptoms Cause Resolution More Information Symptoms An AD FS 2.0 Proxy server fails to authenticate users The following is displayed on the web page: There was a problem accessing the site. Try to browse to the site again. If the problem...
on
21 May 2012
Wiki Page:
AD FS 2.0: Sign-In Fails and Event 364 is Logged Showing Microsoft.IdentityServer.Protocols.Saml.NoAuthenticationContextException: MSIS7012
Fernando Lugão Veltem
Table of Contents Symptoms Cause Resolution See Also Symptoms Sign-in to AD FS 2.0 fails The AD FS 2.0/Admin event log shows the following: Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 6/5/2011 1:32:58 PM Event ID: 364 Task Category: None Level: Error Keywords...
on
21 May 2012
Wiki Page:
AD FS 2.0: Claims to work with shadow accounts
nzpcmad1
Introduction When using AD FS 2.0, it may be beneficial to use shadow accounts in some situations. One reason may be that the service accesses back-end resources that require a Windows token. The Claim to Windows Token Service (c2WTS). This article is intended to focus on the AD FS 2.0 perspective...
on
16 May 2012
Wiki Page:
AD FS 2.0: Claims Are Missing From The Output Claim Set After A User's Name Has Changed
nzpcmad1
Symptoms A user has previously authenticated via AD FS 2.0 The user's name has changed, such as samAccountName or UPN. After the name change, the user does not receive the expected output set of claims from AD FS 2.0 Cause The Local Security Authority...
on
16 May 2012
Wiki Page:
AD FS 2.0: How to Change the net.tcp Ports for Services and Administration
Ed Price - MSFT
Active Directory Federation Services (AD FS) 2.0 uses two net.tcp ports for functions of the Federation Service. Services net.tcp port - 1501 Administration net.tcp port - 1500 There may come a time when another application or service is using either of the above ports, and a conflict...
on
16 Apr 2012
Wiki Page:
Windows Identity Foundation (WIF): A Potentially Dangerous Request.Form Value Was Detected from the Client (wresult="<t:RequestSecurityTo...")
Quenby Mitchell
Symptoms While processing an RSTR (Request for Security Token Response), System.Web throws the following exception: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo..."). at System...
on
29 Feb 2012
Wiki Page:
Windows Identity Foundation (WIF): How to Utilize the WS-Federation WAUTH Parameter to Specify an Authentication Type
David Loder
There are two ways in which Windows Identity Foundation (WIF) can utilize the WS-Federation passive WAUTH parameter to specify an authentication type. There are a few questions to ask before deciding which method to implement: 1. Can the WAUTH parameter remain static for a Relying Party (RP) application...
on
16 Nov 2011
Wiki Page:
Windows Identity Foundation (WIF): How to Utilize the WS-Federation WHR Parameter to Bypass Home Realm Discovery (HRD)
Gregory Hoffman
There are two ways in which Windows Identity Foundation (WIF) can utilize the WS-Federation passive WHR parameter to bypass home realm discovery (HRD). There are a few questions to ask before deciding which method to implement: 1. Can the WHR parameter remain static for a Relying Party (RP) application...
on
29 Sep 2011
Wiki Page:
Install AD FS 2.0 Hotfixes in Preparation for Office 365
Ed Price - MSFT
This article is intended for Microsoft Office 365 customers who need to determine whether AD FS 2.0 specific hotfixes must first be installed on existing AD FS 2.0 servers before they proceed with configuring single sign-on (SSO) functionality for Office 365 users. To determine if you will need to install...
on
9 Sep 2011
Wiki Page:
AD FS 2.0: How to Restore the Default Acceptance Transform Rules for the Active Directory Claims Provider Trust
stevta
If you are experiencing a Federation Service outage after modifying the claim rules on the Active Directory Claims Provider (CP) Trust, follow the steps below to restore the default Acceptance Transform Rules. Perform the following steps on a Federation Server that has write access to the...
on
24 Aug 2011
Wiki Page:
AD FS 2.0: ID4149: "The Saml2SecurityToken is rejected because the SAML2:Assertion specifies a OneTimeUse condition."
Ed Price - MSFT
Table of Contents Symptoms Cause 2.5.1 Element <Conditions> 2.5.1.5 Element <OneTimeUse> Resolution Symptoms Token acceptance from a third party Claims Provider (CP) fails The following exception is thrown by AD FS 2.0: ID4149: The Saml2SecurityToken is rejected because...
on
24 Jun 2011
Wiki Page:
Change or Update the Service Identity for a Federation Server Farm (AD FS 2.0)
Ed Price - MSFT
To change or update the AD FS 2.0 service identity for a federation server farm requires additional changes beyond that of updating the logon user for the service in the Services node in Server Manager. The service identity for Active Directory Federation Service (AD FS) 2.0 is the Windows user account...
on
21 Jun 2011
Wiki Page:
AD FS 2.0: How to Perform an Unattended Installation of an AD FS 2.0 STS or Proxy
NeverEatAlone
Summary The steps below detail how to perform an unattended installation and initial configuration of an AD FS 2.0 STS or Proxy Unattended Installation of AD FS 2.0 Server Installation of AD FS 2.0 Server from the command line is accomplished using ADFSSetup.exe /quiet I...
on
28 Apr 2011
Wiki Page:
AD FS 2.0: Initial configuration fails during "Creating default claim set" and Event ID 37 is logged in AD FS 2.0 Tracing/Debug
Adam Conkle - MSFT
Symptoms AD FS 2.0 initial configuration fails using either FSConfig.exe or FSConfigWizard.exe The failure occurs on the step: " Creating default claim set " The following error messge is shown: Creating default claim set... Failed: An error occurred during an attempt...
on
5 Apr 2011
Wiki Page:
AD FS 2.0: How to Perform IDP-initiated Sign-on to a Relying Party (RP) Application that Supports Only WS-Federation
Ed Price - MSFT
Summary AD FS 2.0 offers a .aspx page for idp-initiated sign-on, and this functionality is limited to SAML 2.0 protocol Relying Parties (RPs). The .aspx page is located here: https:// your-Federation-Service-Name /adfs/ls/idpinitiatedsignon.aspx There is a way, however, to...
on
21 Mar 2011
Wiki Page:
Forefront UAG Troubleshooting: The Trunk Contains Applications that Have the Same Public Host Name and Path
Ed Price - MSFT
Description —You have configured one or more applications on a trunk that use the same public host name and path and you receive the following message " The trunk 'trunk_name' contains applications that have the same public host name and path. Configure unique public host names and...
on
7 Mar 2011
Wiki Page:
Forefront UAG Troubleshooting: The Application Uses Authorization Rules Based on Claims that Are Not Provided by the Authentication Server
Ed Price - MSFT
Description —You have configured claims-based authorization for a published application using claim types provided by the AD FS 2.0 authentication server and you receive the following message " The application 'application_name' in trunk 'trunk_name' uses authorization rules...
on
7 Mar 2011
Wiki Page:
Forefront UAG Troubleshooting: The Application Uses Authorization Rules Based on Claims from the Wrong Trunk Authentication Server
Ed Price - MSFT
Description —You have configured claims-based authorization for a published application using claim types provided by an AD FS 2.0 authentication server that is not configured for trunk authentication and you receive the following message " The application 'application_name' in trunk...
on
7 Mar 2011
Wiki Page:
Forefront UAG Troubleshooting: The Application Uses KCD for SSO, but No Claim Type Is Provided
Ed Price - MSFT
Description —You have previously configured Forefront UAG with an AD FS 2.0 authentication repository and configured an application to use Kerberos constrained delegation for single sign-on (SSO) using a claim type provided by the AD FS 2.0 authentication server, but when you try to activate the...
on
7 Mar 2011
Wiki Page:
Forefront UAG Troubleshooting: The AD FS 2.0 Application Does Not Allow Unauthenticated Access
Ed Price - MSFT
Description —When activating your Forefront UAG configuration when using AD FS 2.0 you might see the following message " The AD FS 2.0 application 'application_name' in trunk 'trunk_name' is not configured to allow unauthenticated access. This is required when using federated...
on
7 Mar 2011
Wiki Page:
AD FS 2.0: Browsing to Federation Metadata Fails: "Unable to download federationmetadata.xml"
Ed Price - MSFT
Symptoms In Internet Explorer , browsing the following Federation Metadata endpoint fails: https://{your_federation_service_name}/ federationmetadata/2007-06/federationmetadata.xml Internet Explorer displays the following error text: Unable to download federationmetadata.xml from {your_federation_service_name...
on
16 Feb 2011
Wiki Page:
AD FS 2.0: The Admin Event Log Shows Error 111 with System.ArgumentException: ID4216
Ed Price - MSFT
Symptoms When a user browses to a relying party (RP) application in which the IP-STS or RP-STS is AD FS 2.0 , the user provides credentials to the STS and subsequently fails before the STS response is posted either to the RP or the RP-STS (depending on your deployment scenario). Event Viewer...
on
16 Feb 2011
Wiki Page:
AD FS 2.0: Query Notification Delivery Failed Because of the Following Error in Service Broker: 'The conversation handle "{GUID} is not found.'
Ed Price - MSFT
Symptoms Making configuration changes in the AD FS 2.0 MMC fails and the following event is logged: ---------------------------------------- A SQL operation in the AD FS configuration database with connection string Data Source={server_name}\{instance};Initial Catalog=AdfsConfiguration;Integrated...
on
16 Feb 2011
Wiki Page:
AD FS 2.0: Prompted for Credentials When You Are Expecting to Be Allowed Anonymous Access
Ed Price - MSFT
Symptoms Browsing to certain AD FS 2.0 resources results in an authentication prompt rather than being allowed the expected anonymous access . Examples: /adfs/ls/idpinitiatedsignon.aspx homerealmdiscovery.aspx as a result of browsing /adfs/ls/ containing WS-Federation parameters or...
on
16 Feb 2011
Page 4 of 5 (102 items)
1
2
3
4
5
Can't find it? Write it!
Post an Article