Showing posts from June, 2012

ADFS 2.0 Default Claims Provider

  In situation where you have multiple Claims Providers the HomeRealDiscovery.aspx page may confuse users. As you can see here I have created a second claims provider called test. User may not know which one to use. FIX 1 – Well not really a fix as much as a way to reduce this issue. One way to help with this confusion is by setting the persistIdentityProviderInformation enabled value to true and the lifetimeInDays value to something like 30 in the web.config located at C:\inetpub\adfs\ls .  This will allow users to only have to select their claim provider every 30 days. FIX 2 – Update your web application to allow for WHR parameter Another way to allows users to divert the HomeRealDiscovery page is by adding functionality to your web application that allows the whr parameter to determine which claim provider will be used when doing the redirect to ADFS.  Again this code all goes into your web application and does not require any additional work on the ADFS website. Add a

Limited Access to Program Data folder in AD for ADFS 2.0

If you work in an environment where you have no write access to the ‘Program Data’ folder in AD you can still install ADFS 2.0 but you will need to use the command prompt. First Retrieve the Certificate Thumbprint for the Singing Cert and the Decrypt Cert.  Since this was a test machine I was using the same certificate for both, but in a production environment you will probably have separate certs for each. To retrieve a certificate's thumbprint Open the Microsoft Management Console (MMC) snap-in for certificates. (See How to: View Certificates with the MMC Snap-in .) In the Console Root window's left pane, click Certificates (Local Computer) . Click the Personal folder to expand it. Click the Certificates folder to expand it. In the list of certificates, note the Intended Purposes heading. Find a certificate that lists Client Authentication as an intended purpose. Double-click the certificate. In the Certificate dialog box, click the Details tab. Scro