Windows 10: Windows Hello for Business key trust configuration with ADFS

Discussion in 'Windows Hello & Lockscreen' started by TheRusseller_064, May 25, 2021.

  1. Windows Hello for Business key trust configuration with ADFS


    I'm looking to implement Windows Hello for Business key trust modern managed topology with an ADFS server to mitigate the AAD Connect sync back to on premise to map the public key to the AD user attribute. Do you know what configurations in ADFS are required for this configuration?

    :)
     
    TheRusseller_064, May 25, 2021
    #1

  2. ADFS SAML setup

    Hello,

    I have questions regarding ADFS SAML configuration.

    I have been charged with setting up ADFS SAML and connecting our system with clarity safetyzone.

    I am using the Windows Server 2019 platform for the servers. I have created a test environment that has a domain controller, a server with ADCS, and another server with ADFS. I have a certificate created within the ADCS server and I installed ADFS on the
    respective server. I verified after installation of the role and configuring an ADFS administrator that the ADFS administrator can sign into the https://sts.contoso.com/adfs/ls/idpinitiatedsignon.aspx. I created a Windows test account and logged into the
    ADFS server for testing purposes, and when navigating to the https://sts.contoso.com/adfs/ls/ and attempting to sign in with that user, I get an error:

    An error occurred
    An error occurred. Contact your administrator for more information.
    Error details
    Activity ID: f68cc99a-b6e5-40dc-1a00-0080000000e5
    Error details: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.
    Node name: 85253664-435b-4d04-8775-d4b96854cb12
    Error time: Mon, 02 Nov 2020 20:11:16 GMT
    Cookie: enabled
    User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36

    I have everyone permitted for intranet access in the Access Control Policies.
    Am I missing something? Once I can verify that a standard user can log in, then I can move on to the step of setting up the appropriate claims/trusts.

    Does anyone have experience with this and maybe even experience with the Clarity Safety Zone platform?
     
    JosephStefanelli, May 25, 2021
    #2
  3. adfs 4.0

    Thanks Skypper for the reply :)

    Basically I am not updating TLS. I support ADFS which is configured with 2016 server and we have an SSO (relying party trust) created with one of the vendors.

    I received an e-mail stating they are planning to update the TLS 1.1 to 1.2. All I want to know is, will it impact the active SSO configuration?

    And also, on a note, my ADFS is configured with a third-party SSL certificate.

    Thanks in advance :)
     
    RakeshShetty1, May 25, 2021
    #3
  4. Windows Hello for Business key trust configuration with ADFS

    ADFS Integration

    Hi,

    Actually we are developing an Enterprise SaaS Application (a mobile application which calls a web API) hosted on Azure App Service, and we need to build our application to integrate with customers through ADFS. That allows the customer's employees to use the
    on-premises Active Directory identity to access our services seamlessly.

    We are totally aware of the different ADFS protocols/relying party trust configuration/tokens/claims, but we still have a question.

    Q: Should we as a service provider (Resource Owner) build an ADFS farm (as per Reference: Federate with a customer's AD FS - Azure Architecture Center)
    OR just develop our application to redirect the request to the customer's ADFS (Account owner) and validate tokens of the customer... (as per Reference: https://docs.microsoft.com/en-us/wi...ad-fs/overview/ad-fs-scenarios-for-developers)
    ?

    Thanks,

    Omnia
     
    omniayehia, May 25, 2021
    #4