yes you are right... in short simply awesome..

Glad it was helpful!

Glad you think so!

Glad it was helpful!

Glad it was helpful!

No there is nothing wrong, in both the scenarions the claim rules are created for different entities. At 17:24 the rule is created for relying party, where later the rule is created at claim provider trust. The rule created at the end will inforce the query of claims in the token.

@@ConceptsWork I'll check again

Will focus now on our new videos, thank you for the feedback..! Much Appreciated.

Thank you sahil for watching our content, ADCS is parked for now, we are completely focused now on security products of Microsoft.

No there is no trust between both the Active Directory.

Will we still need 2 ADFS servers if there is a forest level trust configured between the domains? Will my ADFS1 can query user object from second domain then or still it should go via app-adfs1-adfs2-ad2 ?

Will upload soon

Completely agreed with you. It all depends upon the authentication flow, that you want to achieve. Some organization develop applications and then provide it as a service, where in there own application is protected by ADFS. This can lead to multiple use cases, likewise for every customer, application must have a different instance. The core agenda for this video was to showcase, how the authentication process is executed between two ADFS servers. Feel free to reach us, for any other query. Thanks..!!

@@ConceptsWork I love your videos and I spend most of my study times with your videos. Just to reiterate Aqib Munshi's point for this Account & resource organization scenario, cant this be achieved by adding the Federation.xml of Identity Cloud in the application and then adding a RP trust at Identity cloud ADFS ? So that it could directly redirect the Auth Request to ADFS of Identity cloud as usual?

There is a dedicated video explaining the purpose of each cert in this playlist itself.

@@ConceptsWork I studied all the playlist, which one please, and thanks for replaying

We can create a custom claim rule in ADFS, which will check the DN of the user with the maching domain name and only allow access for a specific domain. Like users exists only in contoso.com should be able to access a particlar application.

Your machine should be able to access the link, try accessing the link from the browser and see, if it works or not.

@@ConceptsWork Yes, that is accessible.

@@ConceptsWork do I need to create the forest trust in both domain or need to configure dns forworder? Actually it should not be if we are configured Adfs ...

DNS forwarder is not required if you can access the federation metadata. Try manually populating the details.

@@ConceptsWork Kudos, it's worked perfectly , thanks a lot 🤝☺️

Please explain if my question is wrong

ADFS is not managing any application URL. Please elaborate your exact doubt.

would like to ask about ADFS. We have an ADFS 3.0 server that connects to office 365. I have other apps now that I need to federate. I would like to know can I use the same ADFS server to federate these other applications or do you have to have a separate server for each application. I would assume you can use a single server however most documentation only talks about single app senarios

Hi sir

No. ADFS2 will be the relying party in ADFS 1. App will sent auth request to ADFS 2--> ADFS2 will route the request to ADFS 1 --> ADFS1 will contact AD --> ADFS 1 will provide a token to ADFS 2 --> Which will be consumed by ADFS 2 --> and a new token will be provided to App.(which will be genrated by ADFS 2)

If you are using 2016 or above please check from get-adfsproperties if idp initiated sign on is enabled.

learn.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-initiatedsignon#enable-the-idp-initiated-sign-on-page

You have to make sure, both the server can resolve each other, if you are not able to reach one it can be DNS issue.

@@ConceptsWork thanks for the info, i solved the issue. Thanks for your quick reply

what is not working ?