Setup: ADFS 2.0 server configured. Problem: The default rule "Send LDAP attributes as Claims" adds the sAMAccountName attribute of every group to the claim token. If the group name and sAMAccountName are different, you need custom rules to populate the claim with group names. Solution: Create the following two custom rules:
Articles Tagged: ADFS
Copy claim rules from one Relying Party to another in ADFS 2.0
Setup: Existing ADFS 2.0 installation. Problem: You create a new Relying Party Trust and want to copy all the claim rules from an existing Relying Party. Solution: Open a PowerShell console and run this code After that issue the following command: Tips: Run this command to find out all RP names:
Update/Replace the certificate of Trusted Identity Provider in SharePoint 2010/2013
Setup: You have a SharePoint farm with web applications configured to use a Trusted Identity Provider, a.k.a. ADFS 2.0. Problem: The signing certificate of the Trusted Identity Provider has expired and you need to change it. Solution: Run these commands in the SharePoint Shell on the SharePoint server: Note: Replace ADFS in ?{$_.name -match "ADFS"} with the name of […]
Add new realm to existing trusted identity provider in SharePoint 2010/2013
Setup: You have a SharePoint farm with a web application configured to use ADFS 2.0 for authentication via a Trusted Identity Provider. Problem: You want to add another web application to this SharePoint farm and configure its authentication via ADFS. Solution: Open SharePoint PowerShell and issue the following commands: where appname is the alias of your […]
Enable ADFS 2.0 debug log
Setup: ADFS 2.0 Federation server. Problem: You need to troubleshoot some authentication issues and check the claims sent to the RP. Solution: Run the following command from a command prompt: Open Event Viewer, click the View menu and select Show Analytic and Debug Logs. This must be enabled for the AD FS 2.0 Tracing log to […]
ADFS 2.0 Copy claim rules from one Relying Party to another
Setup: Existing ADFS 2.0 setup. Problem: You create a new Relying Party Trust and want to copy all the claim rules from a similar RP. Solution: Open a PowerShell console and run this code After that issue the following command: Tips: Run this command to find out all RP names: