Tagged Content List
  • Wiki Page: Windows Identity Foundation (WIF) Throws Exception: "ID6018: Digest verification failed for reference"

    Symptoms During a federation passive request to a WIF-protected web application, WIF throws an exception on the web server. When WIF tracing is enabled, the following exception is found in the service trace: <ExceptionType>System.Security.Cryptography.CryptographicException...
  • Wiki Page: AD FS 2.0: Understanding AutoCertificateRollover Threshold Properties

    Item Sample Value Description of Item Effect AutoCertificateRollover True Specifies whether the system will manage certificates for the administrator and generate new certificates before the expiration date of current certificates. ...
  • Wiki Page: AD FS 2.0: Asserting the NameID Claim Type with Additional Properties

    Overview The SAML NameID claim type is a special claim type used to identify the principal of the session, and this claim type can be asserted containing only the value data, or you can also choose to assert additional NameID properties. Below, you will find a Claim Rule Language sample, which...
  • Wiki Page: Workplace Join discovery failed. Exit code 0x80072F19

    I was trying to set up with Web Application Proxy Lab on Server 2012 R2 RTM and ran into an issue with Workplace Join as it failed to join and encountered the error: Confirm you are using the correct sign-in info, and that your workplace uses this feature. Also the connection to your workplace might not...
  • Wiki Page: AD FS 2.0: Configuration options for shared computers and kiosks

    Introduction Using claims aware applications on a shared computer or kiosk adds additional challenges for configuration. One common challenge faced by administrators is with users gaining access to applications as the previous user. Scenario: - User A browses to a claims aware application...
  • Wiki Page: Office 365 System Requirements – Client side

    If you ever look at all the migration that we do, we have to completed the biggest challenge; clients has been getting the system requirements ready for Office 365. The best advice is to start updating workstations as quickly and as early in the process as possible. The reason for these updates to...
  • Wiki Page: Office 365 – Cloud Configuration – Live

    The transition to the Microsoft cloud is not to be taken lightly. The planning and processes involved in transitioning from an established infrastructure to a cloud environment is a major undertaking and will be able to save money after moving to Microsoft Office 365. Microsoft is encouraging organizations...
  • Wiki Page: Office 365 and ADFS…Active Directory Federation Service Installation

    ADFS…Active Directory Federation Service – STEP by STEP installation for O365 A main tool for corporate network to maintain on-prem and cloud-prem on a single sign-on environment. Deployment of ADFS is always happening on-prem and will sync to the cloud to maintain the AD structure and security through...
  • Wiki Page: AD FS 2.0: Continuously Prompted for Credentials When Using FireFox 3.6.3

    Symptoms Users are continuously prompted for credentials when authenticating to AD FS 2.0 while using FireFox 3.6.3. Internet Explorer does not exhibit this behavior. Cause The default FireFox 3.6.3 network authentication configuration is incorrect. Resolution...
  • Wiki Page: AD FS 2.0: The AD FS 2.0 Windows Service Fails to Start, Event 102 and 220 Logged

    Symptoms Starting AD FS 2.0 Windows Service fails From the Services console: "Windows could not start the AD FS 2.0 Windows Service service on Local Computer. Error 1064: An exception occurred in the service when handling the control request." From the command line...
  • Wiki Page: AD FS 2.0: How to Configure the SPN (servicePrincipalName) for the Service Account

    Summary When you deploy an AD FS 2.0 Federation Server farm you must specify a domain-based service account , and the AD FS 2.0 service account needs to have a SPN ( servicePrincipalName ) registered to allow Kerberos to function for the Federation Service. When you initially configure...
  • Wiki Page: AD FS 2.0: How to Enable and Immediately Use AutoCertificateRollover

    Summary When the GUI Initial Configuration Wizard (ICW) of AD FS 2.0 has been executed, AutoCertificateRollover is automatically enabled by default and the token-signing and token-decrypting certificates are self-signed and maintained by the AD FS 2.0 service. When the command line ICW of...
  • Wiki Page: AD FS 2.0: "Script is disabled. Click Submit to continue."

    Symptoms When accessing an AD FS-protected resource using a web browser (passive requestor), the AD FS server presents a page similar to the following: "Script is disabled. Click Submit to continue." Once the user clicks the "Submit" button, access to the application is...
  • Wiki Page: Share AD RMS Protected Content when Partners Do Not Have an AD RMS Installation

    Here, we consider five different ways to securely collaborate with partners who have not installed AD RMS. Creating a separate account store for your partner users is the most conceptually basic solution. In this scenario, create a separate Active Directory forest with an AD RMS cluster and set...
  • Wiki Page: AD FS 2.0: Error Event 323, "MSIS5009: The impersonation authorization failed" and Event 364, "MSIS3126: Access denied"

    Symptoms Token issuance fails The following events are logged in the AD FS 2.0/Admin Event Log: Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 2/14/2011 1:32:23 PM Event ID: 323 Task Category: None Level: Error Keywords: AD FS User: NETWORK SERVICE Computer...
  • Wiki Page: AD FS 1.0 and 1.1: How to Replace the SSL, Token-Signing, and Federation Server Proxy Certificates

    Replacing the SSL certificate 1. Obtain a new certificate with the following requirements a. Enhanced Key Usage is at least Server Authentication . If you are obtaining this from an internal MS Enterprise CA, the Web Server template will work fine. b. Subject or Subject Alternative...
  • Wiki Page: ADFS Publishing rule in TMG

    After you install the ADFS server for Office 365, you need to publish the rule in your TMG (Threat Management Gateway) if you are using TMG as your front end firewall. To do that, open the TMG portal and do the following Create the new rule Now create the new Listener for ADFS...
  • Wiki Page: Automatic Login to SharePoint 2010 with AD FS 2.0 & WS-Federation

    Table of Contents Introduction Pre-formatted Link Sample URL Broken Down Removing or Separating Windows Authentication Links Introduction Consider the situation where you have a SharePoint 2010 site secured by AD FS 2.0 and you have a partner that accesses this application that also uses AD...
  • Wiki Page: Duplicate:WCF (REST) Service With Federated Authentication, Service Identities Managed By Live ID, Facebook, Google, Yahoo!, Open ID

    Back to Cloud Identity Scenarios and Solutions for Developers Table of Contents Scenario Solution Approach Analysis How To's Code Samples Resources Scenario In this scenario you are developing WPF application that consumes RESTful WCF service. You need to integrate Internet Identity Providers...
  • Wiki Page: AD FS 2.x: When a User is Not Authorized Access to a Relying Party, Redirect the User to a Specific Location

    Overview Consider the following scenario: You have deployed AD FS 2.x, and you wish to provide granular access to specific relying parties by utilizing Issuance Authorization Rules on each Relying Party Trust As an example, you have Contoso SharePoint as a relying party, and you wish to only...
  • Wiki Page: Office 365 Knowledge Base Library

    Table of Contents Office 365 licensing Office 365 billing Network DNS Provisioning Authentication Microsoft Identities Federated authentication Federated authentication Planning Federated authentication Configuring Federated authentication Customizing Federated authentication Troubleshooting Office 365...
  • Wiki Page: AD FS 2.0 & Higher: Truncate strings in claims using RegEx

    Scenario: There is an incoming claim ( or user attribute ) that is being sent to a relying party When the claim is sent, the value must not exceed a certain character limit Data that exceeds this limit must be truncated to accommodate this requirement Example: Incoming claim http...
  • Wiki Page: Understanding Claim Rule Language in AD FS 2.0 & Higher

    Table of Contents Introduction Understanding Claim Sets General Syntax of the Claim Rule Language Condition Statements Issuance Statements Multiple Conditions Combining Values Aggregate Functions Using Regular Expressions Querying Attribute Stores SQL Attribute Stores LDAP Attribute Stores Links to Additional...
  • Wiki Page: SharePoint 2007: AD FS 2.0 - "An unexpected error has occurred" Error or Blank Page Displayed Attempting to Log on to SharePoint, Event ID 23 Logged

    Symptoms You may receive the following error attempting to log on to a SharePoint 2007 site: An unexpected error has occurred. On SharePoint 2010, no error will be displayed and instead you will see a blank page in the browser If you enable AD FS 2.0 tracing, you will see Event ID 23...
  • Wiki Page: AD FS 2.0: The Service Fails to Start: "The service did not respond to the start or control request in a timely fashion."

    Symptoms The AD FS 2.0 Windows service fails to start. This can be observed during Initial Configuration, during a manual restart of the service, or after a system reboot. The System event log indicates a timeout failure similar to the following: Source: Service Control Manager...