What are ADFS endpoints?
These are the entry points that receive authentication requests, or any other request from an application, to
validate user credentials or to access the ADFS federation metadata file.
The application can be a browser-based application such as a website, or a rich client application such as Outlook.
Three kinds of endpoints are commonly used by applications to send authentication requests to ADFS
or to read metadata from the ADFS server.
Endpoints: -
1. /adfs/ls: - This endpoint is used by browser-based applications to send authentication requests to the ADFS server or the ADFS proxy server.
2. /trust/mex: - This endpoint was used by rich client applications such as Outlook. It is no longer in use,
because all current applications use the /adfs/ls endpoint.
3. /federationmetadata/2007-06/[Link]: - This endpoint is used to access the federation
metadata of the ADFS server.
You can build the full URL of each endpoint from your ADFS server name. If your ADFS server name is
[Link], your endpoint URLs will be: -
1. https://[Link]/adfs/ls
2. https://[Link]/trust/mex
3. https://[Link]/federationmetadata/2007-06/[Link]
You can list all endpoints with the following PowerShell command (the trailing | clip copies the output to the clipboard):
Get-AdfsEndpoint | Select-Object FullUrl | clip
The federation metadata endpoint is used by applications to retrieve the federation metadata.
What is federation metadata file?
It is an XML file that contains the ADFS server information used in the authentication process.
Which information does the federation metadata file contain?
1. ADFS endpoints: - used by the application to redirect authentication requests to the ADFS server
2. ADFS token-signing certificate: - used to sign the claims token
3. Claim descriptions (claim types): - the identity information used for authentication, such as AD attributes
like email address, UPN, name, contact number, etc.
4. Entity ID: - the identifier of your ADFS.
You can open the federation metadata file at this URL and check all of this information in it: the Entity ID,
the claim descriptions, and the certificates. To find the token-signing certificate, open the XML file in Notepad
and search for "signing".
What is Claim description (claim types)?
A claim is a statement about a user that is used for authorization purposes in an application. A claim carries
AD attributes such as email address, UPN, name, contact number, employee ID, etc.
ADFS supports three types of claims:
1. Identity claim: - The identity claim carries AD attributes such as User Principal Name (UPN), email
address, and common name.
2. Group claim: - Indicates a user's membership in a group or role.
3. Custom claim: - Contains custom information about a user, such as an employee ID number.
Claim description properties: -
The claim description properties show the following information: -
1. Display name
2. Short name
3. Claim type
4. Description
These properties also appear in the federation metadata XML file.
You can check them with this PowerShell command:
Get-AdfsClaimDescription -Name "E-Mail Address" | clip
Note: - claim descriptions are used when creating relying party claim rules or other claim rules.
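The checks described in the federation metadata section (reading the Entity ID, the endpoints and the token-signing certificate out of the file) and in the claim description section (display name, description and claim type) can be done with a small parser instead of searching the XML in Notepad. The script below is an added example written for this page; it is not Microsoft's code and not code from the original article. It parses a constructed sample in the shape ADFS publishes: adfs.example.com is a placeholder host and the certificate bodies are dummy base64 strings, not real X.509 certificates. It returns the entity ID, the sign-in endpoints, the SHA-1 thumbprint of every certificate marked use="signing" (the encryption certificate is deliberately skipped), each offered claim type, and a list of any endpoint that is not served over HTTPS.

```python
"""Extract the security-relevant parts of an ADFS federation metadata file.

Added example for this page (not Microsoft's or the original author's code).
SAMPLE_METADATA is a constructed document in the shape ADFS publishes;
adfs.example.com is a placeholder host and the certificate bodies are dummy
base64 strings, not real X.509 certificates.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespaces that appear in ADFS federation metadata.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "auth": "http://docs.oasis-open.org/wsfed/authorization/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
}

# Constructed sample, trimmed to the elements this page discusses.
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"
    entityID="http://adfs.example.com/adfs/services/trust">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>RU5DUllQVElPTkNFUlQ=</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>U0lHTklOR0NFUlQ=</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <fed:ClaimTypesOffered>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Optional="true">
        <auth:DisplayName>E-Mail Address</auth:DisplayName>
        <auth:Description>The e-mail address of the user</auth:Description>
      </auth:ClaimType>
      <auth:ClaimType Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true">
        <auth:DisplayName>Group</auth:DisplayName>
        <auth:Description>A group that the user is a member of</auth:Description>
      </auth:ClaimType>
    </fed:ClaimTypesOffered>
    <fed:PassiveRequestorEndpoint><EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>https://adfs.example.com/adfs/ls/</Address>
    </EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def thumbprint(der: bytes) -> str:
    """Thumbprint as Windows shows it: SHA-1 over the DER bytes, upper-case hex."""
    return hashlib.sha1(der).hexdigest().upper()


def parse_federation_metadata(xml_text: str) -> dict:
    """Pull entity ID, sign-in endpoints, signing certificates and claim types out of the metadata."""
    root = ET.fromstring(xml_text)
    meta = {"entity_id": root.get("entityID"), "endpoints": [],
            "signing_certificates": [], "claim_types": []}
    # WS-Federation passive endpoint: the /adfs/ls path used by browser sign-in.
    for addr in root.iterfind(".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS):
        meta["endpoints"].append({"protocol": "ws-federation", "url": addr.text.strip()})
    # SAML 2.0 single sign-on endpoints.
    for sso in root.iterfind(".//md:IDPSSODescriptor/md:SingleSignOnService", NS):
        meta["endpoints"].append({"protocol": "saml2", "binding": sso.get("Binding"),
                                  "url": sso.get("Location")})
    # Only KeyDescriptor use="signing" holds the token-signing certificate.
    for kd in root.iterfind(".//md:KeyDescriptor[@use='signing']", NS):
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
        der = base64.b64decode("".join(b64.split()))
        meta["signing_certificates"].append({"thumbprint": thumbprint(der), "der_length": len(der)})
    # Claim descriptions: display name, description and claim type URI.
    for ct in root.iterfind(".//fed:ClaimTypesOffered/auth:ClaimType", NS):
        meta["claim_types"].append({"claim_type": ct.get("Uri"),
                                    "display_name": ct.findtext("auth:DisplayName", namespaces=NS),
                                    "description": ct.findtext("auth:Description", namespaces=NS),
                                    "optional": ct.get("Optional") == "true"})
    return meta


def insecure_endpoints(meta: dict) -> list:
    """Endpoint URLs not served over HTTPS; a healthy ADFS publishes none."""
    return [e["url"] for e in meta["endpoints"] if not e["url"].lower().startswith("https://")]


if __name__ == "__main__":
    meta = parse_federation_metadata(SAMPLE_METADATA)
    print("Entity ID:", meta["entity_id"])
    for e in meta["endpoints"]:
        print("Endpoint:", e["protocol"], e["url"])
    for c in meta["signing_certificates"]:
        print("Token-signing certificate thumbprint:", c["thumbprint"])
    for c in meta["claim_types"]:
        print(f"Claim: {c['display_name']} ({c['claim_type']}) - {c['description']}")
    for url in insecure_endpoints(meta):
        print("WARNING: endpoint not using HTTPS:", url)
```

To use it on a real server, replace SAMPLE_METADATA with the contents downloaded from the /federationmetadata/2007-06/[Link] endpoint. The signing thumbprint it prints should match the Thumbprint shown by Get-AdfsCertificate -CertificateType Token-Signing on the ADFS server; a mismatch means the copy of the metadata an application trusts is stale (for example after a certificate rollover), and that application will reject tokens signed with the current key.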