There is a little widget that's supposed to do this but here are the actual statistics.
Notice the number of ADFS hits!
Enjoy!
Ideas and thoughts about Microsoft Identity, C# development, cabbages and kings and random flotsam on the incoming tide
Wednesday, September 24, 2014
Misc : GitHub for Windows - Clone in Desktop
GitHub for Windows is a neat tool but suffers from a severe lack of documentation.
I find a project I like, click "Clone in Desktop" on the RHS and it takes me to a screen saying "Download GitHub for Windows" even though I have the damn thing already installed.
So ^^%$$% frustrating.
Mr. Google to the rescue and after a number of false starts (Google sucks more and more at delivering useful search results) I discovered that you need to log in first on the GitHub site.
Then all is OK.
Going by the number of hits I found on this, 99% of this would be avoided if GitHub put a notice to that effect on the page e.g.
"You must first Login".
Enjoy!
Tuesday, September 23, 2014
ADFS : The joys of hidden context
Playing around with ADFS 3.0 on Server 2012 R2 and found yet another difference with ADFS 2.x.
Imagine you have a number of .NET applications going via ADFS as an RP-STS going to another IP-STS.
Now on the IP-STS you want to know which RP the authentication request is coming from.
All the ADFS requests are coming through one channel so parameters like "Referer: " are useless.
In your RP web.config you can add a parameter like wreply or wtrealm as per wsFederation.
You'll see these in the URL going to ADFS in the &wctx section. But there's nothing going to the IP-STS. ADFS "removes" them. Instead there is a &wctx which is a GUID.
And there is a cookie on the way which looks like:
MSISContextc1da81dd-46b6-4cee-b051-9c0e7a298527=xxxyyy==
where xxxyyy is Base64 encoded.
In ADFS 2.0, there was an entry in the web.config which told ADFS not to encode this information in a cookie but to send it as part of the query string - which makes for a lll-oon-nnn-ggg query string!
This entry was:
<context hidden="true" />
But in ADFS 3.0 there is no actual web.config. You have to look in:
C:\Windows\ADFS
and there's a file called:
Microsoft.IdentityServer.Servicehost.exe.config
but it has no such entry.
The trick is to use PowerShell:
Set-AdfsWebConfig -ContextCookieEnabled $False
Enjoy!
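To check which of the two behaviours a server is showing, the following looks at a redirect URL and Cookie header and reports whether the context sits in an MSISContext cookie or in wctx. This is an added example, not code from the original post; the function name, host name and sample values are constructed.

```powershell
Add-Type -AssemblyName System.Web

function Get-AdfsContextLocation {
    param(
        [Parameter(Mandatory)][string]$RedirectUrl,  # URL ADFS sends on to the IP-STS
        [string]$CookieHeader = ''                   # raw Cookie header value, if any
    )
    $query = [System.Web.HttpUtility]::ParseQueryString(([uri]$RedirectUrl).Query)
    $wctx  = $query['wctx']

    # With the context cookie enabled, the post says wctx is just a GUID.
    $parsed     = [guid]::Empty
    $wctxIsGuid = [bool]($wctx -and [guid]::TryParse($wctx, [ref]$parsed))

    # Find cookies named MSISContext<GUID> and Base64-decode their values.
    $cookies = @(foreach ($pair in ($CookieHeader -split ';\s*')) {
        if ($pair -match '^MSISContext([0-9a-fA-F-]{36})=(.+)$') {
            $id = $Matches[1]; $value = $Matches[2]
            try   { $bytes = [Convert]::FromBase64String($value) }
            catch { $bytes = $null }   # not valid Base64: report it, do not fail
            [pscustomobject]@{
                ContextId    = $id
                ValidBase64  = ($null -ne $bytes)
                DecodedBytes = if ($null -ne $bytes) { $bytes.Length } else { 0 }
            }
        }
    })

    [pscustomobject]@{
        Wctx            = $wctx
        WctxIsGuid      = $wctxIsGuid
        ContextCookies  = $cookies
        # GUID-only wctx plus a context cookie: the context is hidden in the cookie.
        ContextInCookie = ($wctxIsGuid -and $cookies.Count -gt 0)
    }
}

# Constructed sample input (hypothetical host, made-up cookie payload).
$sampleId = 'c1da81dd-46b6-4cee-b051-9c0e7a298527'
$payload  = [Convert]::ToBase64String(
    [Text.Encoding]::UTF8.GetBytes('constructed sample context'))
Get-AdfsContextLocation `
    -RedirectUrl  "https://ipsts.example.test/adfs/ls/?wa=wsignin1.0&wctx=$sampleId" `
    -CookieHeader "MSISContext$sampleId=$payload"
```

After Set-AdfsWebConfig -ContextCookieEnabled $False, the same check on fresh traffic should report ContextInCookie as False, with the context carried in the query string where it also ends up in proxy and web server logs.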