Since pass-through Authentication is GA and the major limitations are gone, I decided to change my Azure AD authentication against my local AD from ADFS to pass-through provided with Azure AD Connect.
For those who are not that familiar with the concept of pass-through authentication, you will find all the information in the Microsoft article “How it works”. The picture below is from this article as well.
ADFS
ADFS – Single Sign On with automatic Login on Edge Browser
Today I would like to share my experience with adding a user agent (e.g. a browser) to the list of Single Sign-On capable applications. There is quite a good article from Microsoft that describes how to add a user agent to the ADFS configuration; you will find it here:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia
ADFS – Install Web Application Proxy fails with 401: Unauthorized
Hi,
today I faced the issue that, when I tried to install my Web Application Proxy for ADFS, it permanently failed with Event ID 422:
With Text:
Unable to retrieve proxy configuration data from the Federation Service.
Additional Data
Trust Certificate Thumbprint:
3CD8F7C4697ED510546F74C25B4FD4F8C183CE34
Status Code:
Unauthorized
Exception details:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()
—- End Snip—
I was quite sure that I had everything quite well configured and that I was using the correct certificate.
Microsoft EMS – Intune – ADFS federation relying party trust secure hash algorithm
Hi, here’s Martin again with a short blog post about the ADFS federation for Intune.
I was going through the options of the ADFS infrastructure after reading this very interesting blog post on TechNet from David Gregory:
http://blogs.technet.com/b/askpfeplat/archive/2015/03/02/adfs-deep-dive-onboarding-applications.aspx
The secure hash algorithm is pointed out there:
The relying party trust in ADFS must be configured with the correct secure hash algorithm. Most SAML applications will support SHA-1 while most WS-Fed applications will support SHA-256.
Quickpost: ADFS 3.0 – Customize Login Page
This is a quick one:
If you want to customize your sign-in site for ADFS, to show your excellent web designer skills, it is that easy and well described in this TechNet article:
http://technet.microsoft.com/en-us/library/dn280950.aspx