scs-cbu-ced-iam / adfs-mobileid
Mobile ID Authentication Provider for Active Directory Federation Service (ADFS)
If you set a mobile number like "testthisnumber" it will generate an error but that is not logged in the Event Log. It should show the mss:101
Mandatory to verify that the message has been signed
Optionally: certificate revocation over CRL and/or OCSP
AuthnContext (AuthenticationStatement) should be urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract and not <saml:AuthenticationStatement+AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
Entire X509 Certificate of the signer
(Optional) Serialnumber of the DN
This should also be possible to be set as NameID
SubscriberInfo (if present)
Reference of Claims https://technet.microsoft.com/en-us/library/dn280937.aspx
Only the first module is actively logging Mobile ID events (clients...) besides the startup events
There is no longer a revocation option in the Mobile ID itself (except if the CA will do it).
Therefore we should make it optional and by default "off" or even remove it completely.
C:\Program Files (x86)\MobileIdAdfs\v1.0>import_config.cmd "MobileId.Adfs.AuthnAdapter.xml"
DEBUG: CALL: Get-AdfsAuthenticationProvider -Name MobileID10
DEBUG: CALL: Get-AdfsGlobalAuthenticationPolicy | select -Property
AdditionalAuthenticationProvider
VERBOSE: MobileID10 is not enabled in ADFS
ImportMidAdfsConfig : Mobile ID Authentication Provider v10 is not installed
At C:\Program Files (x86)\MobileIdAdfs\v1.0\import_config.ps1:28 char:9
+ $rc = ImportMidAdfsConfig $cfgFile "10"
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,ImportMidAdfsConfig
Import of config file 'MobileId.Adfs.AuthnAdapter.xml' failed.
It generates an error if you have a phone number with spaces or brackets.
Remove all spaces on the number before doing the call
Import of certificates
Is it necessary to import the Swisscom Root certificate as well as the Mobile ID SSL certificate into the root store as they have the same fingerprint?
Event Log typo
In the event log, we found a spelling error: "Success" without 2 "c", see below
Log Name: Swisscom-MobileID-Adfs/Admin
Source: Swisscom-MobileID-Adfs
Date: 22.01.2016 14:44:22
Event ID: 21
Task Category: AuthenticationSucess
Documentation for the outgoing communication.
In addition to https://mobileid.swisscom.com it should be described that the ADFS Plugin needs communication to swissdigicert.ch
Still referring to 1.0
Provide an option to define a list of allowed MCC valid for all users / requests.
See optional 'allowed_mcc' in https://github.com/SCS-CBU-CED-IAM/simplesaml-mobileid implementation in SCS-CBU-CED-IAM/simplesaml-mobileid#55