ADFS windows 2016 Setup

  • ADFS windows 2016 Setup

    Hi all,

    I have finished the setup of ADFS on Windows 2016 Server.
    However, if I test it (https://fs.systemeccloud.nl/adfs/.we...-configuration)
    the response shows a little gibberish...

    {"issuer":"https:\/\/fs.systemeccloud.nl\/adfs","authorization_endpoint":"https:\/\/fs.systemeccloud.nl\/adfs\/oauth2\/authorize\/","token_endpoint":"https:\/\/fs.systemeccloud.nl\/adfs\/oauth2\/token\/","jwks_uri":"https:\/\/fs.systemeccloud.nl\/adfs\/discovery\/keys","token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","private_key_jwt","windows_client_authentication"],"response_types_supported":["code","id_token","code id_token","id_token token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","refresh_token","client_credentials","urn:ietf:params:oauth:grant-type:jwt-bearer","implicit","password","srv_challenge"],"subject_types_supported":["pairwise"],"scopes_supported":["winhello_cert","openid","email","user_impersonation","profile","aza","allatclaims","logon_cert","vpn_cert"],"id_token_signing_alg_values_supported":["RS256"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"access_token_issuer":"http:\/\/fs.systemeccloud.nl\/adfs\/services\/trust","claims_supported":["aud","iss","iat","exp","auth_time","nonce","at_hash","c_hash","sub","upn","unique_name","pwd_url","pwd_exp","mfa_auth_time","sid"],"microsoft_multi_refresh_token":true,"userinfo_endpoint":"https:\/\/fs.systemeccloud.nl\/adfs\/userinfo","capabilities":[],"end_session_endpoint":"https:\/\/fs.systemeccloud.nl\/adfs\/oauth2\/logout","as_access_token_token_binding_supported":true,"as_refresh_token_token_binding_supported":true,"resource_access_token_token_binding_supported":true,"op_id_token_token_binding_supported":true,"rp_id_token_token_binding_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true}


    Can anyone point me in the right direction?
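
The `https:\/\/` in the response above is a legal JSON escape for `/`, and a JSON parser returns ordinary URLs from it. As an added example (not part of the original thread), the sketch below parses such a document and applies the checks an OpenID Connect client makes on discovery metadata; the host `fs.example.test` and the shortened document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a shortened discovery document in the escaped style shown above.
RAW = r'{"issuer":"https:\/\/fs.example.test\/adfs","authorization_endpoint":"https:\/\/fs.example.test\/adfs\/oauth2\/authorize\/","token_endpoint":"https:\/\/fs.example.test\/adfs\/oauth2\/token\/","jwks_uri":"https:\/\/fs.example.test\/adfs\/discovery\/keys","id_token_signing_alg_values_supported":["RS256"]}'

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(raw, expected_issuer):
    """Parse a discovery document; return a list of problems (empty means OK)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    # The issuer in the document must equal the issuer the client was configured with.
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer {doc.get('issuer')!r} != expected {expected_issuer!r}")
    # Endpoints that carry codes, tokens or signing keys must be reached over TLS.
    for key in ENDPOINT_KEYS:
        if urlsplit(doc.get(key) or "").scheme != "https":
            problems.append(f"{key} is missing or not https")
    # An unsigned ID token cannot be verified by the relying party.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("id_token signing allows alg 'none'")
    return problems


def same_after_parsing(escaped, plain):
    """True when two JSON texts decode to the same value."""
    return json.loads(escaped) == json.loads(plain)


if __name__ == "__main__":
    print(json.loads(RAW)["jwks_uri"])
    print(check_discovery(RAW, "https://fs.example.test/adfs"))
    print(same_after_parsing(RAW, RAW.replace("\\/", "/")))
```
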

  • #2
    What did you follow to set up ADFS?

    Have you followed this guide?

    https://docs.microsoft.com/en-us/win...ployment-guide



    • #3
      Yes I did, when I browse to https://fs.systemeccloud.nl/adfs/fs/...erservice.asmx it shows the XML page as described in the document.
      However, if I try the openid I get this weird syntax.... https:\/\/



      • #4
        Yes I did, if I browse to https://fs.systemeccloud.nl/adfs/fs/...erservice.asmx it seems all OK, I get the expected XML.
        But the openid shows strange URLs and no CRLF in it...
        https is: https:\/\/



        • #5
          Yes I did, but the response of https://fs.systemeccloud.nl/adfs/.we...-configuration is kind of wrong.

          It should be something like: https://accounts.google.com/.well-kn...-configuration

          but in our environment it shows https:\/\/



          • #6
            For some reason danny230681, 2 of your above posts were not Approved. We soon hope to not have this as a "feature" of the Forums. Due to the mentioned "feature" you have a bit of a double post but let's not concern ourselves with that and concentrate on resolving your issue.

            Our apologies for any frustration this "feature" has caused.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2



            • #7
              Eeek, yes I see.... sorry.
              Back to the issue, you see the difference?



              • #8
                Hi danny, please check your PM.

                Thanks.
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2



                • #9
                  I managed to solve the problem....



                  • #10
                    Well done, but for the benefit of others in the same situation, could you please tell us how?
                    Tom Jones
                    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                    PhD, MSc, FIAP, MIITT
                    IT Trainer / Consultant
                    Ossian Ltd
                    Scotland

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **



                    • #11
                      Yes, well, it turned out that this was not the issue at all; the other party made a wrong entry in their documentation......



                      • #12
                        Ah, the perennial problem with ADFS - the other side FUBARed
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **



                        • #13
                          Well, it gets even more exciting....

                          I managed to get in contact with that particular engineer and I told him.
                          He made it clear that there was no mistake on their side but that I made a mistake....
                          So I asked him to join me in a TeamViewer session, so he did......
                          I showed him and he told me that I made a screenshot of their documentation and changed it....
                          When I then asked him to visit the manual at his own computer he told me that if he does this he has to bill me for support.
                          I asked him where I can send my bill to, then he got mad and closed the call....
                          And surprisingly a couple of minutes later the document has been altered hahahaha.
                          Nevertheless I downloaded the original manual with the faulty part in it, shall I mail it to him?



                          • #14
                            I would (IMHO) tread VERY carefully before starting an inter-company conflict which will bring both parties into disrepute as each slags off the other.

                            Personally, gather up all the evidence, including the original and amended documentation (with screenshots of file stamps etc.) and present it to your management - they should then deal with his management as that is what they are paid the big bucks for. If you try to do it yourself, you have no idea what unknowns there are (e.g. both CEOs are golfing buddies and share a mistress*) so you may find you land yourself deeper and deeper in the brown stuff.

                            *In the interests of equality, "mistress" does not imply any specific gender, and may indeed be multi-gendered.
                            Last edited by Ossian; 19th September 2018, 19:46.
                            Tom Jones
                            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                            PhD, MSc, FIAP, MIITT
                            IT Trainer / Consultant
                            Ossian Ltd
                            Scotland

                            ** Remember to give credit where credit is due and leave reputation points where appropriate **
