I'm trying to figure out if it's possible to authenticate via an on-premise ADFS using OpenID Connect.
I wasn't able to find any examples of that - is this scenario supported? Or should I federate ADFS with AAD?
No, ADFS 1.0/2.0 do not support OpenID Connect.
Update: the newest version of ADFS i.e. ADFS 2016 does.
As of Windows Server 2016 RTM - OpenID Connect is now fully supported.
Related
We currently have the Azure Active Directory O365 edition, but need to know which editions support OpenID Connect (OIDC). I have been reviewing documentation and pricing matrices but cannot tell for sure.
Simply put, all.
Even the free AAD edition supports OIDC.
No matter which edition your O365 is, you have the associated AAD tenant. So you can definitely use OIDC to configure login authentication for your users.
Is there a way to AUTHENTICATE to Azure SQL DB with DBeaver with MFA enabled? Our organization uses Azure Active Directory Universal - Universal with MFA to authenticate users to the DBs. Is there a way to use DBeaver instead of MSSMS?
The tool uses the JDBC driver to connect to Azure SQL. Now, the driver does not support Azure AD with MFA. So we have no way to do this. For more details, please refer to here and here.
In our current setup, authentication requests from Azure to on-premise AD go via an Optimal IDM tool (this is a 3rd-party tool which is being used for account synchronization and federation services). Now our requirement is to redirect the authentication requests of a particular federated domain in Azure from Azure to on-premise AD via an ADFS server (instead of the Optimal IDM tool).
Kindly provide the steps/commands to achieve this.
Thanks
Sunil Sharma
Azure AD Connect would be your best bet now.
Detailed guidance is available here - https://learn.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectfed-whatis
As I read the documentation, ADFS 3.0 can only use LDAP authentication stores.
The IAuthenticationAdapter (in Microsoft.IdentityServer.Web.dll) can only be used as secondary authentication for a user existing in an LDAP store.
Is this understanding correct?
ADFS 3.0 can only authenticate against AD; not against any LDAP (although that feature is coming in ADFS vNext (ADFS 4.0?)).
Refer to "How to create a Custom Authentication Provider for Active Directory Federation Services on Windows Server 2012 R2" as an example of a secondary MFA provider.
Can an Active Directory be used as an OpenID provider? WIF is an option, but it's quite complicated and not very widespread.
Yes, you can. Just host an ASP.NET web site that itself uses Active Directory authentication, and exposes an OpenID Provider using DotNetOpenAuth.
ADFS 4.0, available from Windows Server 2016 onwards, allows authentication using OpenID.
There is also OpenID-LDAP server which claims to work with AD LDAP.
Or you can use Red Hat Keycloak, which leverages any LDAP or Kerberos server as a repository to be used with OIDC, or even with poor man's auth SAML.