ADFS Claims depending on multiple conditions such as group membership and password expiry

1 year ago

In this post I will quickly demonstrate how to achieve an ADFS claim that depends on two different conditions. This specific case is about the password expiry claims that we only want to show for users who are members of a specific Active Directory group. First… Read More

Changing default ADFS Decrypt/Signing Certificate lifetime from 1 year to X years

1 year ago

ADFS 2.0 and later versions have a feature called AutoCertificateRollover that automatically updates the Decrypt and Signing certificates in ADFS, and by default these certificates have a lifetime of 1 year. If you have federations (Relying Party Trusts) configured and the Service Provider (SP) is not using the… Read More

Azure AD Connect and .NET Framework 4.7.2

2 years ago

Introduction: Last week a discussion erupted on Microsoft forums regarding Azure AD Connect due to its Monitoring Agent using all free CPU resources on the servers. These issues were caused by a .NET Framework update and a lot of administrators spent time uninstalling and blocking these patches to… Read More

Using NetScaler as OpenID Connect SP with ADFS as IDP

2 years ago

How do you configure Citrix NetScaler as an OpenID Connect Service Provider with Microsoft ADFS as the OpenID Connect Identity Provider? I've tried to make it easy to understand and to show how you do it using the CLI (NetScaler CLI and PowerShell). Read this post to do this with SAML. Read More

Using NetScaler as SAML SP with ADFS as IDP

2 years ago

How do you configure Citrix NetScaler as a SAML Service Provider with Microsoft ADFS as the SAML Identity Provider? I’ve tried to make it easy to understand and to show how you do it using the CLI (NetScaler CLI and PowerShell). Before we begin, let us look at what we need to establish the federation: NetScaler… Read More

Prepopulate username with NetScaler's RfWebUI

3 years ago

We’ve been seeing an issue with AAA in front of ADFS where credentials entered at the service provider (Office 365 for example) don’t populate the username in the NetScaler login, which works with ADFS. This isn’t the biggest issue, but something that makes it annoying to use AAA instead of… Read More

Redirect users with mailboxes in Office 365 from Exchange using NetScaler

3 years ago

I wrote a blog post about smart links to Office 365, but there’s also a way to make sure users with their mailboxes in Office 365 are automatically redirected to their Outlook Web Access there (with SSO). The key lies in using a 307 redirect instead of 301 or… Read More

Office 365 smart links with NetScaler and ADFS

3 years ago

A common issue in organizations moving to Office 365 is the different URLs the users have to remember. This can be made easier with, for example, smart links, where the users only have to remember something like "office.example.com" or "onedrive.example.com". This is something we can easily do with NetScaler… Read More

Manually configuring Unified Gateway

4 years ago

I’m writing this post in English to make it easier for our non-Swedish readers. I’m going to try and explain how to configure Unified Gateway, without the wizard! I’ll try to let the commands speak for themselves, but feel free to comment if you need me to add some… Read More

ADFS – Testing authentication

4 years ago

After installing and configuring ADFS, you want to make sure that authentication works. A simple way to test this is to visit: https://fqdn.contoso.com/adfs/ls/idpinitiatedsignon If you are on the internal network, you get the option to click Sign In and are then logged in: If you are on an external network, you get… Read More