Category Archives: AD FS

Claim rules for the Azure Active Directory (#AzureAD) Relying Party (RP) trust

When you establish a federation with Azure Active Directory (AAD) for the purpose of single sign-on (SSO), the majority of people will utilise the Azure AD PowerShell cmdlets to create or convert one or more verified domains into federated domains. …

Posted in AD FS, Azure Active Directory

The use of Distributed Key Manager (DKM) in Active Directory Federation Services (AD FS)

Something that crops up quite a lot when you’re involved in planning and designing an Active Directory Federation Services (AD FS) infrastructure is certificates and, for those of you who have worked anywhere where you have to justify your design …

Posted in AD FS

New WID support limit in AD FS

Excellent news! The number of supported federation service (FS) servers in a farm with a Windows Internal Database (WID) backend has increased from 5/10 to 30: A WID farm has a limit of 30 federation servers if you have 100 …

Posted in AD FS, Uncategorized

AD FS, Enhanced Protection for Authentication (EPA), Chrome and Integrated Windows Authentication (IWA)

Something that I’ve had the misfortune of looking into recently was the user experience when accessing federated business apps using a browser that isn’t Internet Explorer. Suffice to say, my customer has “two” supported browsers: IE (9, …

Posted in AD FS, Uncategorized

Configuring SAML sign-out in Active Directory Federation Services (AD FS)

Consider this scenario: you have a SAML2P Software-as-a-Service (SaaS) application, for example Salesforce.com Chatter, configured for Single Sign On (SSO) with Active Directory Federation Services. This means that your SaaS app is a relying party (RP), or service provider (SP), …

Posted in AD FS, Troubleshooting

Revisiting the Microsoft Online immutable ID design decision

Some time back I posted about Azure Active Directory synchronisation using Forefront Identity Manager (FIM) 2010 R2 and the Azure AD Connector. My focus was multi-forest deployments, but as we know this topology was required for several advanced scenarios too. …

Posted in AADSync, AD FS, Azure Active Directory, DirSync, FIM

ExternalAuthenticationHandler.Process() exception: System.Net.WebException: The request failed with HTTP status 405: Method Not Allowed

It’s turning into a month of school-boy/layer-8 issues. Evidently I need to slow down! Scenario: You are integrating Windows Server 2012 R2 Active Directory Federation Services (AD FS), a.k.a. AD FS 3.0, with an on-premises Azure Multi-Factor Authentication (MFA) Server. …

Posted in AD FS, Azure, Azure MFA