A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

Episerver CMS ADFS 3.0 Configuration

What are the configurations for an ADFS 3.0 server to work with Episerver CMS? Implemented these - http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/federated-security/ and http://world.episerver.com/blogs/Kalle-Ljung/Dates/2014/11/using-azure-active-directory-as-identity-provider/ - working in Azure cloud, but not in local ADFS 3.0.

#151396
Jul 20, 2016 12:27

Is the ADFS configured to have endpoints for WS-Federation? Do you have other apps working against the ADFS Server?

#155054
Sep 08, 2016 12:30

Johan Kronberg: I'm trying to use ADFS with federation and I see that you asked a question about ADFS and endpoints for WS-Federation some time ago. I've been requested to supply the ADFS endpoint for WS-FederationPassive protocols in ADFS, but have no idea what this means. Do you know anything about this?

#176787
Mar 27, 2017 13:05

If you click on the Service\Endpoints folder in the ADFS snap-in you can see the endpoints. Look for the FederationMetadata.xml URL and browse it.

#176798
Edited, Mar 27, 2017 14:26
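
The check suggested in the reply above, as an added example that is not part of the original thread: it parses a federation metadata document and reports the WS-Federation passive endpoint the identity provider publishes. The host `adfs.example.test`, the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample, trimmed to the elements of interest; a real document
# also carries signing certificates, claim types and SAML descriptors.
_ENDPOINT = """<fed:PassiveRequestorEndpoint><wsa:EndpointReference>
      <wsa:Address>https://adfs.example.test/adfs/ls/</wsa:Address>
    </wsa:EndpointReference></fed:PassiveRequestorEndpoint>"""
SAMPLE_METADATA = f"""\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    entityID="http://adfs.example.test/adfs/services/trust">
  <RoleDescriptor xsi:type="fed:ApplicationServiceType">
    {_ENDPOINT}
  </RoleDescriptor>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType">
    {_ENDPOINT}
  </RoleDescriptor>
</EntityDescriptor>
"""

def passive_endpoints(metadata_xml):
    """Return (entity_id, [passive sign-in URLs]) from WS-Federation metadata."""
    root = ET.fromstring(metadata_xml)
    urls = []
    for role in root.findall("md:RoleDescriptor", NS):
        # Only the token service role says where sign-in requests are sent.
        if role.get(XSI_TYPE, "").split(":")[-1] != "SecurityTokenServiceType":
            continue
        path = "fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address"
        urls += [(a.text or "").strip() for a in role.findall(path, NS)]
    return root.get("entityID"), urls

def check(metadata_xml):
    """Return a list of problems; empty means an HTTPS passive endpoint exists."""
    _, urls = passive_endpoints(metadata_xml)
    problems = [] if urls else ["no WS-Federation passive endpoint published"]
    return problems + [f"endpoint not HTTPS: {u}" for u in urls
                       if urlparse(u).scheme != "https"]

if __name__ == "__main__":
    print(passive_endpoints(SAMPLE_METADATA), check(SAMPLE_METADATA))
```
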

Sorry for taking some time answering. My email was blocked as spam by Episerver.

What I was looking for is the WS-FederationPassive endpoint on the Episerver site. We tried using the same URL as the Relying Party Trust. Seems to be working ok.

#176843
Mar 29, 2017 8:32

Is your Epi site MVC or Web Forms?

#176844
Mar 29, 2017 8:42

It's an MVC site.

#176845
Mar 29, 2017 8:42

I usually set the startpage. Something in Microsoft.Owin.Security.WsFederation will catch those requests on any URL I think.

There was some trick needed for Web Forms but not for MVC.

#176846
Mar 29, 2017 9:00

I guess that's why it's working since we use the startpage URL as Relying Party Trust (Wtrealm) too. Thank you very much for your input.

#176847
Mar 29, 2017 9:02

It's smart (I hope :) ) to use a bogus value (something like https://customer-x-prod) for WtRealm to clarify that it's not a URL that needs to be working but is only used for referencing.

#176848
Mar 29, 2017 9:09

Yes, I see your point. The WtRealm was decided by the people responsible for the ADFS. But I will pass your advice through to them.

#176849
Mar 29, 2017 9:11