AD FS Device Registration vs NPS [closed]
If I use AD FS Device Registration are there any reasons to use an NPS Server?
For an organisation I work with, the policy for internally developed applications has been to use AD accounts for running services or service integrations (their AD is full of SA_AppName_purpose). Main reasons being visibilit… Continue reading Server to server- local account or IdP?
Customer is asking for LDAP / Active Directory authentication along with OTP (one time password) / multi-factor authentication for an old existing web application written in (asp.net MVC2). Is this possible?
Currently, we ar… Continue reading Active Directory with multi factor authentication for an existing web application
On July 2019 Patch Tuesday, Microsoft released a patch for CVE-2019-1126, an important vulnerability discovered by Preempt Research Labs. The vulnerability discovered leads to security issues that create a wide scale denial-of-service against expo… Continue reading Security Advisory: Targeting AD FS With External Brute-Force Attacks
In ADFS 4.0 a refresh token cannot be renewed without passing through an authorization request flow (asking the user again for credentials) and cannot be revoked.
I’m forced to put a 1 year lifetime for the refresh token to … Continue reading What a malicious user could do with a refresh token that cannot be revoked and has 1 year expiry time?
I have a WS-Trust workflow, for which I need to provide debug logging of the token exchanges.
The messages that are sent are
RST/Issue for Symmetric Key
RSTR with Symmetric Key
RST/Issue for Bearer Token using encrypted … Continue reading Masking sensitive info in WS-trust token exchange logs
I have several web based applications that will redirect unauthenticated users to an ADFS sign-in page. ADFS will subsequently redirect users back to a web application once authenticated with a token.
Since the web applicati… Continue reading How to protect a login page redirect
A vulnerability (CVE-2018-8340) in Microsoft Active Directory Federation Services (ADFS) allows a second authentication factor for one account to be used for all other accounts in an organization, Okta REX Security Engineer Andrew Lee has discovered. B… Continue reading Microsoft ADFS flaw allows attackers to bypass MFA safeguards
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. Continue reading Microsoft Flaw Allows Full Multi-Factor Authentication Bypass