Robert

Reputation: 415

ADFS 3.0 certificate authentication

I'm trying to configure ADFS 3.0 to use certificate authentication, but when I open a browser and go to my web application, the ADFS 3.0 page displays the message "Select a certificate that you want to use for authentication."

I've read some posts saying that the firewall may block port 49443, and that just may be the case here. The problem is that I read and read on MSDN but I still don't quite get the certificate authentication process.

My smartcard contains a certificate which is supposed to be used to authenticate me on ADFS. When I use mmc to look at "AdfsTrustedDevices" there are no certificates at all.

So to my question: Do I add the certificate chain (all issuers) of my smartcard certificate to the above-mentioned AdfsTrustedDevices?

Upvotes: 0

Views: 2558

Answers (1)

SamuelD MSFT

Reputation: 781

For certificate authentication, you need the following:

  • Client to ADFS/WAP should have access to port 49443
  • Ensure that all the roots/intermediaries of your PKI are installed on each ADFS/WAP server. These should be in the standard root/intermediate authority stores. ADFS will then use this to send in the issuer hint in the SSL challenge.
  • Also make sure that you don't have duplicates and don't put the intermediates in the root store and vice versa as Windows OS does not like that.
  • If you are using Windows, ensure that the browser settings allow certificate authentication

I think in your case, you are prompted so the issue is likely the second bullet.

Upvotes: 1
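
The store checks from the second and third bullets of the answer can be scripted. The following PowerShell is an added example, not part of the original answer or any Microsoft tooling; it reads the local machine root and intermediate stores and treats "subject equals issuer" as a heuristic for a self-signed root, which is an assumption.

```powershell
# Added example: run in an elevated PowerShell session on each ADFS/WAP server.
# It only reads the certificate stores; it changes nothing.
$stores = @{
    Root = 'Cert:\LocalMachine\Root'   # Trusted Root Certification Authorities
    CA   = 'Cert:\LocalMachine\CA'     # Intermediate Certification Authorities
}

# Collect every certificate together with the store it was found in.
$certs = foreach ($name in $stores.Keys) {
    Get-ChildItem -Path $stores[$name] | ForEach-Object {
        [pscustomobject]@{
            Store      = $name
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            NotAfter   = $_.NotAfter
            # Heuristic (assumption): subject equal to issuer means self-signed.
            SelfSigned = ($_.Subject -eq $_.Issuer)
        }
    }
}

# 1. Intermediates placed in the root store (not self-signed, but in Root).
$misplacedInRoot = $certs | Where-Object { $_.Store -eq 'Root' -and -not $_.SelfSigned }

# 2. Roots placed in the intermediate store (self-signed, but in CA).
$misplacedInCA = $certs | Where-Object { $_.Store -eq 'CA' -and $_.SelfSigned }

# 3. The same certificate present more than once (same thumbprint, any store).
$duplicates = $certs | Group-Object -Property Thumbprint |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group }

'--- Non-self-signed certificates in the root store ---'
$misplacedInRoot | Format-Table Store, Thumbprint, Subject -AutoSize
'--- Self-signed certificates in the intermediate store ---'
$misplacedInCA | Format-Table Store, Thumbprint, Subject -AutoSize
'--- Duplicate certificates ---'
$duplicates | Sort-Object Thumbprint | Format-Table Store, Thumbprint, Subject -AutoSize
```

Empty tables for all three checks mean the stores match what the answer asks for; the issuers of the smartcard certificate should additionally appear in the unflagged entries of the matching store.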
