1,250 questions with Active Directory Federation Services tags
I have disabled synchronization, now what?
I am taking our organization fully online and eliminating on-prem servers. Everything I could find on the subject (on and off Microsoft) said just to disable synchronization using this command: Set-ADSyncScheduler -SyncCycleEnabled $false then uninstall…
MSIS7012 : The same client browser session has made '6' requests in the last '1' seconds. Contact your administrator for details
We have a .NET application in which we implemented ADFS WSFED. It's working fine locally, but when we deployed it we started facing this error. For Dev, in the URL I see Realm is HTTPS but wreply is HTTP. But for local I see Realm is HTTPS but wreply is HTTPS.…
Error authenticating global user credentials
Good afternoon. Today I tried to update Azure AD Connect to the latest version. Everything went fine until I entered my credentials, when the error appeared: "No se pueden validar las credenciales debido a u error inesperado. Reinicie Azure AD COnnect con la…
Domain user getting: The sign-in method you’re trying to use isn’t allowed
I'm troubleshooting a problem with a domain user who when trying to log in to his domain account gets the message "The login method you are trying to use is not…
how to fix Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
Hi, I’ve just created an app and used AAD for authentication by following the instructions in this link: Tutorial: Register an application with the Microsoft identity platform. I deployed this site on Docker and Linux. A lot of users can log in but one…
Microsoft Entra Hybrid Join – Devices Stuck in "Pending" Status
Hello Team, We are facing an issue with our on-premises Active Directory (AD) integrated with Active Directory Federation Services (AD FS). We have correctly configured Microsoft Entra hybrid join using Microsoft Entra Connect, following the official…
Windows Hello for Business OnPremise with certificate and without ADFS
Hello everyone, Is it possible to successfully implement Windows Hello for Business for domain users with a domain Certificate Authority on W2019 server and without AD FS, only with a simple CRA with a Windows Server Certificate Registration Authority…
POP UP MESSAGE FOR DOMAIN USER
Dear All, Can anyone help me or give any suggestions? As per my company's requirement, they need a pop-up message for domain users: right after login they will get a pop-up message for company terms and conditions and the user will accept the terms and…
Windows Hello for Business On-Prem Enrollment Glitch
We have an on-premise certificate trust WHfB deployment here and it's been working great for months, but now all of a sudden I'm encountering a weird glitch when trying to enroll new machines. Upon clicking Set up PIN when prompted upon login, the AD FS…
ADFS - No strong authentication method found for the request from Error
Hello, I'm running Windows Server 2019 ADFS migrated from old version of ADFS. Everything is working fine, but we had to remove/disable the 3rd party MFA vendor we had. So I disabled the vendor's tool from the Authentication Methods in ADFS console…
ADFS with Web Application Proxy for User certificate Authentication failure
Dear Team, I have deployed the AD servers, ADFS servers, Internal CA servers, and Web Application Proxy (WAP). Forms Authentication (via Direct ADFS server) - Successful authentication. Forms Authentication (via Web Application Proxy(ADFS)) - Successful…
Google SSO logout not sending SAML parameters to Azure AD B2C - AADB2C: HttpRequest does not contain any SAML 2.0 protocol parameters
I have currently set up Azure AD B2C as IDP to log into Google Workspace. I am using a custom SAML policy which has an additional MFA step integrated and the login works as expected. When I logout, Google is calling my custom SAML policy set up in the…
How to Federate ADFS Issued Tokens with Azure AD for Microsoft Graph API Access Using ROPC Flow
I am working on integrating ADFS-issued tokens with Azure AD to allow access to Microsoft Graph API using the Resource Owner Password Credentials (ROPC) flow (grant_type=password). I have set up ADFS as the identity provider, and I can successfully…
promote sub-domain from managed to federated
I am trying to set up a federated service for a sub-domain. I have it working in a sample sub-domain but forgot how I went about doing that (it was over a year ago). Our main default domain is a "Managed" domain (example conteso.com). Our test…
Microsoft Azure Active Directory Connect Problem
Hi everyone, Error Information: Unable to validate credentials due to an unexpected error. Restart Azure AD Connect with the / InteractiveAuth option to further diagnose this issue. Unable to read data from the transport connection:An existing…
How can my third party application access on-premise users calendar using modern authentication via EWS API?
I have a third party application wherein some of my users are using an On-Premise Exchange server. How can I access or create calendar events in their on-premise Outlook account using modern authentication? We were able to fetch calendar events by…
Failed to create AzureadKerberos (Cloud Kerberos Trust)
We are trying to establish cloud Kerberos trust to enable WHFB in our environment. However, it is giving the error below. It gives the error at the command Set-AzureADKerberosServer. Any advice and suggestions will be highly appreciated. We have followed below…
ADFS 4.0, Federated with external IDP
Scenario: ADFS at forest root domain Root.local. Federated with external IDP sending NameID to ADFS. At ADFS, claims provider trust created and pass NameID. At child domain A.root.local we created shadow account to match with NameID sent from external IDP. A…
Best practices on how to decommission ADFS servers
Hi, we moved from ADFS to PTA managed about 3 months ago. I now have around 6 x ADFS infrastructure servers still running (DMZ and internal network). How should I be decommissioning these servers? Could it be as simple as powering off? How can…
ADFS couldn’t start service adfssrv under another gMSA error 1064, 220
I'm trying to start the ADFS service under a new gMSA and at about 10 seconds I get a 1064 error, unless I make a mistake while reading the internal WID database. I had this problem in a production environment, I get the same error in a lab environment.…