Category Archives: Active Directory Federation Services

From the field: Colleagues in specific group encounter error “AADSTS50107 Requested federation realm object does not exist.”

Sometimes, you hit error messages that are just too vague to troubleshoot. I like these kinds of situations. This particular one is especially fun, because it requires some intermediate knowledge of Active Directory Federation Services in Hybrid Identity environments. My favorite subject.   The situation Single Sign-On (SSO) for organizations comes in many shapes and […]

0  

Would you like to manage AD FS on Windows Server 2016, too? No problem!

Yesterday, I blogged on the entirely new Management Pack for Active Directory Domain Services on Windows Server 2016. What I didn’t notice, until now, is that a management pack for Active Directory Federation Services is also available,   About the AD FS MP The Active Directory Federation Services (AD FS) Management Pack provides both proactive […]

0  

Pictures of the Microsoft Community event at Microsoft Hrvatska in Zagreb

The Croatian IT Pro User Group asked me to present a 75-minute session on the ‘Ten most common Mistakes with AD FS and Hybrid Identity’ at Microsoft Hrvatska in Zagreb yesterday. This event was shared with the Croatian IT Pros on the Microsoft Community website, and 56 people decided to sign up for the meeting, […]

0  

Pictures of Microsoft Network 6

As I mentioned last week, I was invited as a speaker for the Microsoft Network 6 event in Neum, Bosnia and Herzegovina. The venue for this event is the Grand Hotel Neum, which is a great hotel with superb conference rooms. Combined with Microsofts great staff and the absolutely delightful weather, speakers and attendees, this […]

0  

I’ll be speaking at Microsoft Hrvatska for IT Pro User Group Zagreb on April 21

Romeo Mlinar, a Hyper-V MVP from Croatia, asked me to speak at the Microsoft IT Pro User Group Zagreb at Microsoft Hrvatska on Thursday evening April 21, 2016. Since I’m in Croatia and Bosnia Microsoft NetWork/6 anyway, I might as well make myself useful. I will be presenting 75 minutes on: Ten most common mistakes […]

0  

Security Thoughts: Update for Active Directory Federation Services to Address Denial of Service (Important, MS16-020, KB3134222, CVE-2016-0037)

Today, Microsoft released MS16-020, a Security Bulletin addressing an issue with Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2. The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.   About Active Directory Federation […]

0  

AD FS Certificates Best Practices, Part 4: Configuring the AD FS Token Signing and -Decrypting Certs for a longer lifetime

This entry is part 4 of 4 in the series AD FS Certificates Best Practices

This entry is part 4 of 4 in the series AD FS Certificates Best PracticesMicrosoft Active Directory Federation Services implementations, typically, use three certificates for its functionality: Service communication certificate Token-signing certificate Token-decrypting certificate In the past three parts of this series, I’ve discussed the best practices I use when choosing the settings for my […]

0  

AD FS Certificates Best Practices, Part 3: Cryptographic Next Generation (CNG)-generated Private Keys

This entry is part 3 of 4 in the series AD FS Certificates Best Practices

This entry is part 3 of 4 in the series AD FS Certificates Best PracticesBecause Active Directory Federation Services (AD FS) rely heavily on certificates, you’ll want the most straightforward certificates as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice however, that I’m not recommending to use the strongest […]

0  

AD FS Certificates Best Practices, Part 2: Key size

This entry is part 2 of 4 in the series AD FS Certificates Best Practices

This entry is part 2 of 4 in the series AD FS Certificates Best PracticesBecause Active Directory Federation Services (AD FS) rely heavily on certificates, you’ll want the most straightforward SSL/TLS certificate as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice however, that I’m not recommending to use the […]

0  

AD FS Certificates Best Practices, Part 1: Hashing Algorithms

This entry is part 1 of 4 in the series AD FS Certificates Best Practices

This entry is part 1 of 4 in the series AD FS Certificates Best PracticesBecause Active Directory Federation Services (AD FS) rely heavily on certificates, you’ll want the most straightforward SSL/TLS certificate as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice however, that I’m not recommending to use the […]

0