TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Microsoft Edge
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Skype for Business
See all products »
Resources
Channel 9 Video
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Windows Update
Trials
Windows Server 2016
System Center 2016
Windows 10 Enterprise
SQL Server 2016
See all trials »
Related Sites
Microsoft Download Center
Microsoft Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Expert-led, virtual classes
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
Microsoft Official Courses On-Demand
Certifications
Certification overview
Special offers
MCSE Cloud Platform and Infrastructure
MCSE: Mobility
MCSE: Data Management and Analytics
MCSE Productivity
Other resources
Microsoft Events
Exam Replay
Born To Learn blog
Find technical communities in your area
Azure training
Official Practice Tests
Support options
For business
For developers
For IT professionals
For technical support
Support offerings
More support
Microsoft Premier Online
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Skip to locale bar
Get this Tag RSS feed
Translate this page
Powered by
Microsoft® Translator
Popular Tags
Active Directory
AD
AD DS
adfs
ASP.NET
azure
BizTalk
BizTalk Server
BizTalk Server 2010
C#
Candidate for deletion
certification
cloud
core docs
de-DE
EAA
Ed Price
Ed's Stub Pages
en-US
ESA
es-ES
Excel
Exchange
Exchange 2010
fa-IR
Fernando Lugao Veltem
FIM
FIM 2010
FIM Resources
FIM-HELP
forefront
forums
fr-FR
Gokan Ozcifci
has code
has comment
has comments
has image
has Images
has Other Languages
has See Also
Has Table
Has TOC
Horizon_Net
How To
Hyper-V
id-ID
IIS
Italian Wiki Articles
it-IT
ja-JP
Jordano Mazzoni
Link Collection
Luciano Lima
Luigi Bruno
Lync Server 2010
MIISILMFIM MACAULAY
Multi Language Wiki Articles
needs work
operations manager
Pirated Content
Portal
Português Brasil
PowerShell
pt-BR
security
SharePoint
SharePoint 2010
SharePoint 2013
SharePoint Pirate
Small Basic
solucionando problemas
SQL Server
SQL Server 2012
stub
System Center
System Center 2012
TechNet Guru
TechNet Wiki
TechNet Wiki Featured Article
tonyso
Translated into Japanese
troubleshooting
tr-TR
vídeo
Video
Virtualization
VMM
Wiki
Windows
Windows 7
Windows 8
Windows Azure
Windows Server
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
yottun8
اکتیو دایرکتوری
Browse by Tags
>
TechNet Articles
>
All Tags
>
ADFS 2.0
Tagged Content List
Wiki Page:
Claims-Based Authentication for Microsoft Dynamics CRM 2011
Payman Biukaghazadeh
This article is a stub and requires massive community input. Please contribute! Overview Microsoft Dynamics CRM 2011 introduces a new method for providing external access to an organization's on-premises Dynamics CRM deployment, also known as Internet-Facing Deployment (IFD). This new method...
on
27 May 2013
Wiki Page:
CRM 2011: How to Enable Verbose Windows Identity Foundation (WIF) Tracing for Claims-Based Authentication
Payman Biukaghazadeh
Overview When CRM 2011 is configured for claims-based authentication (CBA), Windows Identity Foundation (WIF) is utilized. When troubleshooting CBA, it may be necessary to gather tracing data from the CRM 2011 server. This article details the steps needed in order to create verbose WIF traces from...
on
26 May 2013
Wiki Page:
AD FS 2.0: Selectively send group membership(s) as a claim
JaredPoeppelman
You can send group membership as claims by using the built in templates Create a new rule, choose “Send LDAP Attributes as Claims” Choose Active Directory as the Attribute Store, and choose the LDAP Attribute “Token-Groups – Unqualified Names” and the claim type as “Group” This will send...
on
22 May 2013
Wiki Page:
AD FS 2.0: How to Set the Primary Federation Server in a WID Farm
Carsten Siemens
Summary When you deploy an Active Directory Federation Services ( AD FS) 2.0 Federation Server farm, you have the option of choosing Windows Internal Database (WID) or SQL to store the configuration information. When you select WID, which is the default in the Initial Configuration Wizard GUI...
on
15 May 2013
Wiki Page:
AD FS 2.0: How to Replace the SSL, Service Communications, Token-Signing, and Token-Decrypting Certificates
Carsten Siemens
Table of Contents Replacing the SSL and Service Communications certificate Replacing the Token-Signing certificate Replacing the Token-Decrypting certificate More Information Were you looking for AD FS 1.x information regarding certificate replacement? Have you recently enabled AutoCertificateRollover...
on
15 May 2013
Wiki Page:
Extending the Error Diagnostics of ADFS
Carsten Siemens
Introduction When working with ADFS and an external partner it can sometimes be difficult to determine why errors occur. There are some helpful pages describing how to setup ADFS debug/trace at http://blogs.msdn.com/b/card/archive/2010/01/21/diagnostics-in-ad-fs-2-0.aspx and http://technet...
on
29 Apr 2013
Wiki Page:
AD FS 2.0: "ID4037: The key needed to verify the signature could not be resolved from the following security key identifier"
Fernando Lugão Veltem
Symptoms During a federation passive sign-in request using SAML 2.0 protocol , the request fails and the user lands on the AD FS 2.0 error page The Verbose AD FS 2.0/Admin log shows Error event 303 : Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 9/17/2010 10:54:19 AM Event...
on
25 Apr 2013
Wiki Page:
AD FS 2.0: How to Utilize a Single Relying Party Trust for Multiple Web Applications that Share the Same Identifier
Richard Mueller
A common request we receive from customers is: "I have multiple environments for the same web application. For example, development (DEV), staging (STAGE), and production (PROD). I want to create one Relying Party (RP) Trust in AD FS 2.0 which utilizes a single set of issuance claim rules,...
on
5 Apr 2013
Wiki Page:
AD FS 2.0: Guidance for Selecting and Utilizing a Federation Service Name
Matth CH
Prior to deploying AD FS 2.0, it is essential that a Federation Service Name is selected, and there are some important items to consider before selecting the Federation Service Name. Items for Consideration 1. The Federation Service Name must never equal any machine name in the Active...
on
3 Apr 2013
Wiki Page:
AD FS 2.0: Dynamic Claim Types
Joji Oshima
Dynamic Claim Types There is data stored about a user in a SQL database ( or other attribute store ). The data stored about the user in the database needs to be a part of the claim type and not the value of the claim. For example, properties “ Redmond ” and “ Building3 ” stored in a database...
on
28 Feb 2013
Wiki Page:
AD FS 2.0: Using RegEx in the Claims Rule Language
Joji Oshima
An Introduction to Regex The use of RegEx allows us to search or manipulate data in many ways in order to get a desired result. Without RegEx, when we do comparisons or replacements we must look for an exact match. Most of the time this is sufficient but what if you need to search or replace based...
on
28 Feb 2013
Wiki Page:
AD FS 2.0: How to Consume RelayState to Automate Access to Relying Parties During IDP-Initiated Sign-On
Yagmoth555
“This article has been retired since a fix for this issue has recently been made available. For details about what RelayState issue was fixed, see Description of Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0 or Supporting Identity Provider Initiated RelayState .”
on
23 Feb 2013
Wiki Page:
AD FS 2.0: How To Modify The Duration of AutoCertificateRollover Certificates
Yagmoth555
Overview By default in AD FS 2.0, the self-signed certificates generated by AutoCertificateRollover are valid for 365 days. Although AD FS 2.0 will maintain these certificates for the service, it is the responsibility of the AD FS 2.0 administrator or the Claims Proivder/Relying Party partner administrator...
on
23 Feb 2013
Wiki Page:
AD FS 2.0: How to Automatically Add the AD FS 2.0 Powershell Snap-in When Launching Powershell
Richard Mueller
If you often administer your AD FS 2.0 Federation Service using PowerShell, there is an easy way to automatically add the AD FS 2.0 PowerShell snap-in when the PowerShell console window is launched. Ove rview PowerShell loads a profile for the user when the console window is launched. We...
on
22 Feb 2013
Wiki Page:
AD FS 2.0: "The request specified an Assertion Consumer Service URL that is not configured on the relying party"
Yagmoth555
Symptoms Sign-in fails The following events are logged in the AD FS 2.0/Admin event log: Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 07/28/2011 05:15:28 PM Event ID: 364 Level: Error User: CONTOSO\ADMIN Computer: adfs.contoso.com Encountered error during federation...
on
21 Feb 2013
Wiki Page:
AD FS 2.0: How to Migrate Claim Rules Between Trusts
Yagmoth555
Overview This article demonstrates how to migrate claim rules from one trust in AD FS 2.0 to another trust in AD FS 2.0. This may be useful when you are creating multiple trust relationships which will utilize similar claim rules, or when you are migrating configuration data between test, staging...
on
19 Feb 2013
Wiki Page:
AD FS 2.0: How to Use Fiddler Web Debugger to Analyze a WS-Federation Passive Sign-In
Yagmoth555
This article's purpose is to demonstrate how to utilize Fiddler Web Debugger to analyze traffic in a WS-Federation sign-in conversation, specifically for AD FS 2.0. If you are looking for Fiddler debugging information for another protocol such as WS-Trust or SAML 2.0, please see the More Information...
on
19 Feb 2013
Wiki Page:
Federation Extensions for SharePoint 3.0 - ID1013: "Could not access the server hosting the WS-Federation metadata document. Object Identifier (OID) is unknown."
Yagmoth555
Symptoms While executing Federation Extensions for SharePoint 3.0 on Windows Server 2003, the utility fails with the following error: ID1013: Could not access the server hosting the WS-Federation metadata document. Object Identifier (OID) is unknown Cause This is related to SHA2 support...
on
14 Feb 2013
Wiki Page:
AD FS 2.0: How to Request a Specific Name ID Format from a Claims Provider (CP) During SAML 2.0 Single-Sign-On (SSO)
Yagmoth555
When AD FS 2.0 is the Service Provider Security Token Service (STS) and is involved in SAML 2.0 passive web SSO, there may be a requirement from the CP (also known as Identity Provider or IDP) to have AD FS 2.0 instruct the CP as to which Name ID Format is required. SAML 2.0 protocol specifies an...
on
14 Feb 2013
Wiki Page:
AD FS 2.0: How to Change the Local Authentication Type
Yagmoth555
AD FS 2.0, out of the box, supports four local authentication types: Integrated Windows authentication (IWA) - can utilize Kerberos or NTLM authentication. You should always prefer Kerberos authentication over NTLM and configure the appropriate service principal name (SPN) for the AD FS 2.0 service...
on
6 Feb 2013
Wiki Page:
Windows Identity Foundation (WIF): How to Change Certificate Chain Validation Settings for Web Applications
Yagmoth555
Summary When you run FedUtil.exe or Federated Extensions for SharePoint 3.0, you have the option of turning on/off certificate chain validation for the token-signing certificate in the GUI. You may, however, decide at a later date that you wish you would have turned it off or maybe you need to...
on
6 Feb 2013
Wiki Page:
AD FS 2.0: Windows service does not start, does not start automatically, or starts slowly
Yagmoth555
Overview The AD FS 2.0 service takes a long time to start and restart The AD FS 2.0 service may fail to start upon login The AD FS 2.0 service may fail to start altogether The AD FS 2.0 server does not have outbound Internet access Disable Authenticode Signing Verification ...
on
5 Feb 2013
Wiki Page:
Active Directory Federation Services (ADFS) Wiki Articles
Richard Mueller
This page provides a quick overview of the Technet Wiki articles related to ADFS (Active Directory Federation Services). The Wiki search engine provides you with the latest updates, but it does not provide a comprehensive overview, nor the search results are grouped (yet). This page focusses on...
on
1 Jan 2013
Wiki Page:
Configuring TMG as an AD FS 2.0 Proxy
Richard Mueller
Table of Contents TMG vs the AD FS 2.0 proxy Basic setup of TMG 2010 Installing TMG 2010 Configure Network Settings Configure System Settings Define Deployment Options Configure Firewall Policy Configure Policy Validating Your Configuration Troubleshooting Alternate Configurations Listener Authentication...
on
2 Nov 2012
Wiki Page:
AD FS 2.0: Domain Local Groups in a claim
Joji Oshima
Introduction The basic method for adding group memberships into claims is using Send LDAP Attributes as Claims and picking one of the tokenGroups options. This method works for global and universal groups, but will leave out any domain local groups. The primary reason for this is there is no intuitive...
on
4 Oct 2012
Page 2 of 4 (78 items)
1
2
3
4
Can't find it? Write it!
Post an Article