Author Archives: Paul Williams

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.

Integrated Windows Authentication (IWA) with Enhanced Protection for Authentication (EPA) and Chrome–it now works!

Some time back I posted quite a popular post describing the effect of a bug in Chrome that prevented the use of Enhanced Protection for Authentication, a.k.a. TLS channel binding, when authenticating via Integrated Windows Authentication (IWA).  I cared about … Continue reading

Posted in AD FS, News | 1 Comment

Azure Multi-Factor Authentication (#AzureMFA) and Active Directory Federation Services (#ADFS)

Today, implementing Azure Multi-Factor Authentication (MFA) in a hybrid identity and access management solution based on Azure Active Directory (Azure AD, AAD) and Active Directory Federation Services (AD FS) more often than not requires that you implement the on-premises Azure … Continue reading

Posted in AD FS, Azure MFA | 10 Comments

Claim rules for the Azure Active Directory (#AzureAD) Relying Party (RP) trust

When you establish a federation with Azure Active Directory (AAD) for the purpose of single sign-on (SSO) the majority of people will utilise the Azure AD PowerShell cmdlets to create or convert one or more verified domains into federated domains.  … Continue reading

Posted in AD FS, Azure Active Directory | 4 Comments

Azure Multi-Factor Authentication Server portal looping layer-8 issue

I’ve recently designed and implemented a large hybrid identity provider that comprises Azure Active Directory Premium, Active Directory Federation Services and Azure Multi-Factor Authentication Server.  One of the things I did was utilise Internet Information Services (IIS) URL rewrite rules … Continue reading

Posted in Azure MFA | 2 Comments

The use of Distributed Key Manager (DKM) in Active Directory Federation Services (AD FS)

Something that crops up quite a lot when you’re involved in planning and designing an Active Directory Federation Services (AD FS) infrastructure is certificates and, for those of you who have worked anywhere where you have to justify your design … Continue reading

Posted in AD FS | 3 Comments

New WID support limit in AD FS

Excellent news!  The number of supported federation service (FS) servers in a farm with a Windows Internal Database (WID) backend has increased from 5/10 to 30: A WID farm has a limit of 30 federation servers if you have 100 … Continue reading

Posted in AD FS, Uncategorized | 4 Comments

AD FS, Enhanced Protection for Authentication (EPA), Chrome and Integrated Windows Authentication (IWA)

Something that I’ve had the misfortune of looking into recently was the user experience when accessing federated business apps using a browser that isn’t Internet Explorer.  Suffice to say, my customer has “two” supported browsers: IE (9, … Continue reading

Posted in AD FS, Uncategorized | 5 Comments