Rory Braybrook
Published in Tech Feed
3 min read · Oct 11, 2017

ADFS Help

“Resolve authentication issues faster!

No more searching for tools to help diagnose authentication issues. ADFS Help provides effective tools at one place that makes it easy for users and administrators to resolve authentication issues at a quicker pace.

We know issues can get complex when it comes to authentication. With ADFS Help it is easy to navigate even complex scenarios using the guided troubleshooting walkthroughs (coming soon)”.

The URL is:

adfshelp.microsoft.com

Currently, the tools are:

Claims X-Ray

In order to use this with your ADFS, you need to add a relying party (RP) to your instance for WS-Federation and SAML-P. The PowerShell cmdlet to do this (Add-ADFSRelyingPartyTrust) is provided.

If you have Server 2012 R2 or Server 2016 (i.e. ADFS 3.0 or 4.0), you can also use OAuth. You need to add a client via the PowerShell cmdlet “Add-ADFSClient”. Doing it this way will not show anything in the ADFS 4.0 Application wizard. It is done this way to cater for both server types.

Once you’ve done that, you provide the URL of your ADFS and the tool will download the metadata and set up the certificates etc. You also select “Authentication Type” and “Token Request”.

Obviously, if you select “Certificate” or “MFA”, your ADFS has to be pre-configured to allow this.

If you have configured everything correctly, when you click “Test Authentication” and then authenticate on your ADFS using WS-Federation, you should get back:

Expanding this:

And the “Raw Token” shows the full RequestSecurityTokenResponse.

AAD Claims

These are the claims that are required when you have Azure AD and you federate your tenant with ADFS. Once this is set up, a user who navigates to an Azure application is redirected to ADFS to authenticate.

For example, select single-domain and the claims will be generated. A subset is shown below.

JWT Decoder

This decodes the JWT that is returned when you use OAuth. This is very similar functionality to when you use:

jwt.io or jwt.ms
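
What a decoder of this kind does with the token can be reproduced locally. The following is an added example, not part of the original post and not the ADFS Help tool's code; the sample token and its issuer, audience and upn values are constructed. It only reads the header and claims and reports the time-claim status; it does not verify the signature.

```python
import base64
import json
from datetime import datetime, timezone


def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the stripped '=' padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token: str, now=None) -> dict:
    """Decode (not validate) a compact JWT and report basic findings."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    now = now or datetime.now(timezone.utc)
    # Render the numeric date claims as UTC timestamps for reading.
    times = {k: datetime.fromtimestamp(claims[k], timezone.utc)
             for k in ("iat", "nbf", "exp") if k in claims}
    findings = []
    if str(header.get("alg", "")).lower() == "none" or not parts[2]:
        findings.append("unsigned token")
    if "exp" in times and now >= times["exp"]:
        findings.append("expired")
    if "nbf" in times and now < times["nbf"]:
        findings.append("not yet valid")
    return {"header": header, "claims": claims, "findings": findings,
            "times": {k: v.isoformat() for k, v in times.items()}}


# Constructed sample: the issuer, audience, upn and signature bytes are
# made up for illustration and do not come from a real ADFS instance.
SAMPLE_TOKEN = ".".join([
    b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps({
        "aud": "urn:example:constructed-client",
        "iss": "http://adfs.example.com/adfs/services/trust",
        "iat": 1507680000, "exp": 1507683600,
        "upn": "user@example.com"}).encode()),
    b64url_encode(b"constructed-not-a-real-signature"),
])

if __name__ == "__main__":
    print(json.dumps(decode_jwt(SAMPLE_TOKEN), indent=2))
```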

This looks like a very promising tool.

Watch this space when the Troubleshooting section is released!

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5