Windows 10: Windows Hello for Business OnPremise with certificate and without ADFS

Discussion in 'Windows Hello & Lockscreen' started by Uf.AJ01, Sep 13, 2024.

  1. Uf.AJ01 Win User

    Windows Hello for Business OnPremise with certificate and without ADFS


    Hello everyone, is it possible to successfully implement Windows Hello for Business for domain users with a domain Certificate Authority on W2019 server and without AD FS, only with a simple CRA with a Windows Server Certificate Registration Authority role? OnPremise only, no Entra or Azure stuff.

    I am stuck on the certificate auto-enrollment part; I could rather use Windows Server role or CRL and OCSP, but I do not want to use AD FS.

    Many thanks guys!!

    :)
     
    Uf.AJ01, Sep 13, 2024
    #1

  2. Sharepoint 2019 OnPremise and ADFS authentication loop

    Hi,

    I'm setting up ADFS for Sharepoint 2019 OnPremise. Successfully integrated SPTrustedIdentityTokenIssuer with ADFS endpoint. I can also successfully log in on the ADFS test page.

    I'm stuck on the Sharepoint Sign in page loop after successful ADFS user logon. I can see the eventid 4634 "logoff session" for that user in ADFS events.

    I need some assistance or guidelines as I've found nothing useful in forums.

    Your help is much appreciated.
     
    Pablo Alcover - INFOLogin SARL, Sep 13, 2024
    #2
  3. Sharepoint 2019 OnPremise and ADFS authentication loop

    The indicated forum seems more dedicated to Office 365 services and its Sharepoint Online. Have you already seen threads related to ADFS and Sharepoint OnPremise integration in that forum? Just asking before putting the question there.
     
    Pablo Alcover - INFOLogin SARL, Sep 13, 2024
    #3
  4. Windows Hello for Business OnPremise with certificate and without ADFS

    Adfs 3.0 certificate renewal challenge

    Hi Team,

    I tried renewing adfs certificates in my test lab

    Service communication

    Token signing

    Token decrypting

    For renewal, I installed certificates on 2 core and 2 WAP servers. Added token signing and token decrypting certificates. Then set service communication.

    Then set new token signing and token decrypting certificates as primary.

    Then executed the "Set-AdfsSslCertificate" command

    Checked binding via netsh http command and set correct thumbprint for 0.0.0.0:443

    Restarted services on core servers

    On WAP, executed the commands below:

    Set-WebApplicationProxySslCertificate

    Set-WebApplicationProxyApplication -thumbprint

    Restarted services on both WAP servers as well.

    Rebooted all four servers

    --------------------------------------

    After all these steps

    ADFS 3.0 is showing new certificates

    Netsh http command is showing thumbprint of new certificate

    ADFS metadata file is showing new certificates

    Get-AdfsCertificate commands are showing new certificates

    Get-WebApplicationProxyApplication is showing new certificate

    However, when I checked on the idpinitiated page it is still showing the old certificate. I have no clue what went wrong and why ADFS 3.0 is still taking old certificates.
     
    RidhimaBhardwaj, Sep 13, 2024
    #4