ADFS Windows 2016 Setup

This topic contains 13 replies, has 4 voices, and was last updated by  danny230681 2 months ago.


  • danny230681
    Member
    #167703

    Hi all,

    I have finished the setup of ADFS on Windows 2016 Server.
    However, if I test it (https://fs.systemeccloud.nl/adfs/.we…-configuration)
    the response shows a little gibberish…

    {"issuer":"https://fs.systemeccloud.nl/adfs","authorization_endpoint":"https://fs.systemeccloud.nl/adfs/oauth2/authorize/","token_endpoint":"https://fs.systemeccloud.nl/adfs/oauth2/token/","jwks_uri":"https://fs.systemeccloud.nl/adfs/discovery/keys","token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","private_key_jwt","windows_client_authentication"],"response_types_supported":["code","id_token","code id_token","id_token token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","refresh_token","client_credentials","urn:ietf:params:oauth:grant-type:jwt-bearer","implicit","password","srv_challenge"],"subject_types_supported":["pairwise"],"scopes_supported":["winhello_cert","openid","email","user_impersonation","profile","aza","allatclaims","logon_cert","vpn_cert"],"id_token_signing_alg_values_supported":["RS256"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"access_token_issuer":"http://fs.systemeccloud.nl/adfs/services/trust","claims_supported":["aud","iss","iat","exp","auth_time","nonce","at_hash","c_hash","sub","upn","unique_name","pwd_url","pwd_exp","mfa_auth_time","sid"],"microsoft_multi_refresh_token":true,"userinfo_endpoint":"https://fs.systemeccloud.nl/adfs/userinfo","capabilities":[],"end_session_endpoint":"https://fs.systemeccloud.nl/adfs/oauth2/logout","as_access_token_token_binding_supported":true,"as_refresh_token_token_binding_supported":true,"resource_access_token_token_binding_supported":true,"op_id_token_token_binding_supported":true,"rp_id_token_token_binding_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true}

    Can anyone point me in the right direction?
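
As an added example (not part of the original thread), these are checks an OpenID Connect client can apply to a discovery document like the one quoted above, run over a trimmed copy of that response. The function name `check_discovery`, the trimmed sample and the tampered variant are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
WELL_KNOWN = "/.well-known/openid-configuration"

def check_discovery(raw, fetched_from):
    """Return a list of findings; an empty list means every check passed."""
    try:
        doc = json.loads(raw)  # whitespace and line breaks are optional in JSON
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    issuer = str(doc.get("issuer", ""))
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        findings.append("issuer must be an https URL without query or fragment")
    # The issuer must be the one the discovery URL was built from.
    if issuer.rstrip("/") + WELL_KNOWN != fetched_from:
        findings.append("issuer does not match the discovery URL")
    # Only keys that name endpoints are checked; identifier strings such as
    # access_token_issuer are not URLs a client connects to.
    for key, value in doc.items():
        if key.endswith(("_endpoint", "_uri")) and isinstance(value, str):
            if urlsplit(value).scheme != "https":
                findings.append(f"{key} is not https")
    algs = doc.get("id_token_signing_alg_values_supported")
    if not isinstance(algs, list) or "RS256" not in algs:
        findings.append("RS256 missing from id_token signing algorithms")
    return findings

# Trimmed copy of the response quoted in the post, kept as a single line.
SAMPLE = ('{"issuer":"https://fs.systemeccloud.nl/adfs",'
          '"authorization_endpoint":"https://fs.systemeccloud.nl/adfs/oauth2/authorize/",'
          '"token_endpoint":"https://fs.systemeccloud.nl/adfs/oauth2/token/",'
          '"jwks_uri":"https://fs.systemeccloud.nl/adfs/discovery/keys",'
          '"response_types_supported":["code","id_token"],'
          '"subject_types_supported":["pairwise"],'
          '"id_token_signing_alg_values_supported":["RS256"],'
          '"access_token_issuer":"http://fs.systemeccloud.nl/adfs/services/trust"}')
URL = "https://fs.systemeccloud.nl/adfs/.well-known/openid-configuration"
# Constructed variant: the token endpoint downgraded to plain http.
TAMPERED = SAMPLE.replace('"token_endpoint":"https://', '"token_endpoint":"http://')
```

`check_discovery(SAMPLE, URL)` returns an empty list, while the tampered variant is reported for its non-https token endpoint.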


    wullieb1
    Participant
    #245822

    What did you follow to set up ADFS??

    Have you followed this guide??

    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/windows-server-2012-r2-ad-fs-deployment-guide


    danny230681
    Member
    #252935

    Yes I did, when I browse to https://fs.systemeccloud.nl/adfs/fs/federationserverservice.asmx it shows the XML page as described in the document.
    However, if I try the OpenID one I get this weird syntax…. https://


    danny230681
    Member
    #252936

    Yes I did, if I browse to https://fs.systemeccloud.nl/adfs/fs/federationserverservice.asmx it seems all OK, I get the expected XML.
    But the OpenID one shows strange URLs and no CRLF in it…
    https is: https://


    danny230681
    Member
    #252937

    Yes I did, but the response of https://fs.systemeccloud.nl/adfs/.well-known/openid-configuration is kind of wrong.

    It should be something like: https://accounts.google.com/.well-known/openid-configuration

    but in our environment it shows https://


    biggles77
    Spectator
    #214479

    For some reason danny230681, 2 of your above posts were not Approved. We soon hope to not have this as a “feature” of the Forums. Due to the mentioned “feature” you have a bit of a double post but let’s not concern ourselves with that and concentrate on resolving your issue.

    Our apologies for any frustration this “feature” has caused.


    danny230681
    Member
    #252938

    Eeek, yes I see…. sorry.
    Back to the issue, you see the difference?


    biggles77
    Spectator
    #214484

    Hi danny, please check your PM.

    Thanks. :grin:


    danny230681
    Member
    #252939

    I managed to solve the problem….


    Ossian
    Moderator
    #192117

    Well done, but for the benefit of others in the same situation, could you please tell us how?


    danny230681
    Member
    #252940

    Yes well it turned out that this was not the issue at all, the other party made a wrong entry in their documentation……


    Ossian
    Moderator
    #192121

    Ah, the perennial problem with ADFS – the other side FUBARed


    danny230681
    Member
    #252941

    Well, it gets even more exciting….

    I managed to get in contact with that particular engineer and I told him.
    He made it clear that there was no mistake on their side but that I made a mistake….
    So I asked him to join me in a TeamViewer session, so he did……
    I showed him and he told me that I made a screenshot of their documentation and changed it….
    When I then asked him to visit the manual at his own computer he told me that if he does this he has to bill me for support.
    I asked him where I can send my bill to, then he got mad and closed the call….
    And surprisingly a couple of minutes later the document has been altered hahahaha.
    Nevertheless I downloaded the original manual with the faulty part in it, shall I mail it to him?


    Ossian
    Moderator
    #192124

    I would (IMHO) tread VERY carefully before starting an inter-company conflict which will bring both parties into disrepute as each slags off the other.

    Personally, gather up all the evidence, including the original and amended documentation (with screenshots of file stamps etc.) and present it to your management – they should then deal with his management as that is what they are paid the big bucks for. If you try to do it yourself, you have no idea what unknowns there are (e.g. both CEOs are golfing buddies and share a mistress*) so you may find you land yourself deeper and deeper in the brown stuff.

    *In the interests of equality, “mistress” does not imply any specific gender, and may indeed be multi-gendered.
