Tag Archives: AD FS

#ADFS, IWA and the WIASupportedUserAgents property

Recently, I’ve found myself answering several questions and writing emails and some change control paperwork on the topic of Integrated Windows Authentication (IWA) in AD FS.  I’m going to commit the behaviour to this blog for posterity and easy (lazy) …

Posted in AD FS

#ADFS and #MFA load balancer guidance

When designing Active Directory Federation Services (AD FS) my actual involvement with the networking guys who handle the load balancer configuration is generally limited to a few calls and emails.  We provide some requirements in the forms of availability and …

Posted in AD FS, Azure MFA

Multi-Factor Authentication and multiple identity providers

When you implement an additional authentication provider in your Active Directory Federation Services (AD FS) identity provider (IdP) you soon start getting all manner of requests from application owners/managers within the business for multi-factor authentication (MFA) configuration.  For the most …

Posted in AD FS

Active Directory Federation Services (#ADFS) Single Sign On (SSO) and token lifetime settings

To understand Single Sign-On (SSO) and Persistent Single Sign-On (PSSO) in Active Directory Federation Services (AD FS) you must first understand the authentication cookie.  After the initial logon is validated an authentication cookie is written to the client (typically a …

Posted in AD FS

Adding a link to the #AzureAD Password Reset web site in your #ADFS forms-based sign-in pages

Implementing Azure Active Directory Password Reset?  Want to make it a bit easier for your users who logon to Azure AD using federated identities to get to the self-service password reset and/or unlock portal? Take the following customised forms-based authentication …

Posted in AD FS

Integrated Windows Authentication (IWA) with Enhanced Protection for Authentication (EPA) and Chrome–it now works!

Some time back I posted quite a popular post describing the effect of a bug in Chrome that prevented the use of Enhanced Protection for Authentication, a.k.a. TLS channel binding, when authenticating via Integrated Windows Authentication (IWA).  I cared about …

Posted in AD FS, News

Claim rules for the Azure Active Directory (#AzureAD) Relying Party (RP) trust

When you establish a federation with Azure Active Directory (AAD) for the purpose of single sign-on (SSO) the majority of people will utilise the Azure AD PowerShell cmdlets to create or convert one or more verified domains into federated domains.  …

Posted in AD FS, Azure Active Directory