ADFS Product Support Blog

  • ADFS Certificates - SSL, Token Signing, and Client Authentication Certs

    We are seeing quite a few support calls relating to certificate problems. Many of these are due to a misunderstanding of how the various certificates are used. ADFS/PKI issues are often very difficult to diagnose for the following reason – a lack of...
  • Adding an ADFS Proxy Server

    I'm going on an hour trying to get the screenshots formatted correctly. Live Writer is making them too small. I'll just attach the Word document to the end if you want to see the pictures better. I'm done messing around with this for now! If you know...
  • ADFS Diagnostic Tool

    A huge thanks to the ADFS test team for developing such a great tool. Here is a quick "how to". The tool is very simple to use and provides a graphical UI. In order to perform distributed diagnosis, i.e. diagnose failures based on the configuration...
  • Setting up an ADFS lab environment - Part 1

    In this blog, I’ll go through the PKI portion of setting up Trey Research and Adatum. While you can do this a number of different ways – I always set up and use a Standalone CA instead of generating self-signed certificates. In my opinion, setting up...
  • Using ADFS with Constrained Delegation

    With ADFS - the authentication token issued is good for the web server with the agent installed. It is a local RPC token and cannot go off the box. With some additional configuration, you can configure ADFS to go off the box and delegate with a Kerberized...
  • Setting up an ADFS environment - Part 2

    This blog will build on my previous blog and walk you through the steps to getting your lab up and running. Let’s start on the Account side and install the Federation Server Service. Select add/remove programs, windows components, details of Active...
  • Configuring SQL Reporting Services to use ADFS Authentication

    Special thanks to Rahul Shelar and Sachin Mundra from the ADFS and SQL teams for working with me on this latest issue. Without their help, I would still be banging my head against the wall. I learned quite a bit about SSRS along the way and also learned...
  • Interesting problem when adding an ADFS Proxy

    I am working on a blog post (step-by-step) for the Proxy component and I ran into a problem yesterday that ran me around pretty good. We have seen this issue or variations of it on some support cases recently, so I thought the actual problem itself would...
  • Installing MOSS as a claims aware application in ADFS

    Hi, this is Jim Simonet from the Enterprise Platform Support team and Steve Peschka from the SharePoint Ranger team. In this blog we’re going to talk about how to configure Active Directory Federated Services (ADFS) with SharePoint 2007. We have actually...
  • Understanding Organizational Group Claims

    I created a list of topics last night that I think will be useful to put up here…Going in any kind of order will be too tough for me (lazy) and I’m afraid it would slow down my blog production. Please let me know if you would like to see something specific...
  • ADFS Claims Aware Virtual Lab - now online

    I recently worked with the folks that handle the virtual labs for Technet. We corrected the certificate issues and some other minor issues. You can access the lab here. Event Overview: After completing this lab, you will be better able to set up a trust...
  • Office Integration with MOSS and ADFS

    Previously, Office Integration with SharePoint secured by forms based authentication was not possible. The new ability of the Office client applications in Office 2007 SP2 to perform a forms login helps to solve this problem. You will need to install...
  • The NT Token Cache

    The NT Token cache on the web server – Maybe you didn’t know this even existed… Consider this scenario: You are setting up ADFS in a federated scenario with SharePoint configured as a token based application. The initial setup has miscellaneous...
  • ADFSDiag has been updated again!

    The updated tool can be found here. The attachment contains both 32 and 64 bit installers. A cool new feature - Claim Flow Analysis has been added to this version. I'll write up a quick blog on how to use this feature soon.
  • IFSEXT.DLL and the dialog box that is so very WRONG

    Ifsext.dll is the ADFS ISAPI used by the Token based Web Agent...We have seen issues before where we either need to add this manually or move it to the top of the list on the application config section of IIS. Once you go to the properties of a web site...
  • Enabling debug logging for Claims Aware Applications

    Place the following in your application's web.config file. Place this after the </system.net> section of the file. <system.diagnostics> <switches> <add name="WebSsoDebugLevel" value="15" /> </switches> ...
  • Update on configuring MOSS as a claims aware application

    UPDATE: I'm not going to remove this blog or the original blog on the web.config entries - but I do want to make note that these web.config files should not be...
  • Script to configure SharePoint to use ADFS authentication

    More great tools by the ADFS team... Problems with the web.config files are one of the more common issues we see with ADFS/MOSS cases in PSS. Now there is a script which will make the modifications for you. It is located on the SharePoint team blog...
  • MS Virtual Lab - A PKI troubleshooting exercise

    I was going through some old items and came across this link for an on-line ADFS lab. I decided to run through the lab (takes about an hour). There are problems with it. The title of this blog tells you what these problems are. I can tell it's an old...
  • Introduction

    Hello, My name is Jim Simonet and I work with the Microsoft PSS Directory Services Group. I work with a small team within Directory Services that supports the majority of ADFS issues at Microsoft. I'm creating this blog space to post about lessons...