ADFS connected with 2 different domains

I have an ADFS server on-premises. The ADFS server is connected with my SharePoint portal hosted on the Hostway SharePoint hosting provider. I am currently using domain "xyz" for Germany.
Now I want another domain "mno" in France to connect with the SharePoint portal hosted on Hostway. Do I have to buy another ADFS server, or can I use the same ADFS I have on-premises?
Is it possible to put a domain controller and manage authentication of both domains xyz, mno but using 1 ADFS server?
Thanks.
------------------------------------ Happy Workaround :) Vivek http://www.linkedin.com/pub/vivek-mishra/11/456/a54

Hello,
please see
http://social.technet.microsoft.com/Forums/windowsserver/en-US/195399e6-b5dd-46cf-a351-228bd62b24d8/adfs-specific-question-post-on-the-adfs-forum?forum=winserverDS about AD FS forum.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Similar Messages

  • ADFS with 2 different domains

    We are trying to do single sign on with an external partner. I've implemented an adfs server and a web app proxy for adfs proxy. Internally our domain is "domain.com". We don't own the external domain name. Externally, we own "otherdomain.com".
    I've imported the partner's metadata and created a Relying Party Trust. When I go to the partner's website, I am kicked back to adfs.otherdomain.com and forced to sign in with my domain credentials. With the settings I have in place, how do I get it to pass my credentials? My claim rule is using email address. My email address is [email protected] but my internal domain is [email protected]
    Brannon Vaughan

    Hi Brannon,
    If I understand you correctly, your ADFS proxy server is located in otherdomain.com, and you want to use the ADFS proxy server adfs.otherdomain.com as part of the federation infrastructure of domain.com.
    Based on my research, the federation proxy server doesn't have to join the domain of the federation server; it can be a standalone server in the perimeter network. However, I am not sure whether it can be joined to an external domain other than the account/partner domain. If it will work, a forest trust needs to be in place.
    I suggest you seek advice from the ADFS forum as I posted before.
    In addition, here are some ADFS proxy server related articles for you:
    Adding an ADFS Proxy Server
    http://blogs.technet.com/b/adfs/archive/2008/06/10/adding-an-adfs-proxy-server.aspx
    Understanding the AD FS 2.0 Proxy
    http://blogs.technet.com/b/askds/archive/2012/01/05/understanding-the-ad-fs-2-0-proxy.aspx
    Name Resolution Requirements for Federation Server Proxies
    http://technet.microsoft.com/en-us/library/dd807055(v=ws.10).aspx
    Best Regards,
    Amy

  • DI Server Connection with 3 different Errors after working

    Ok, I am trying to use DI Server to connect to the database but I find I get one of three different errors depending on what I try... the strange thing is that it was working perfectly for a really short while... Maybe I am overlooking something and just need a second set of eyes... Here is my code for the connection...
    Try
         DISnode = New SBODI_Server.Node
    Catch ex As Exception
         Return "Pre-Login :: " + ex.Message
    End Try
    Try
         sCmd = "<?xml version='1.0' encoding='UTF-16'?>"
         sCmd += "<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>"
         sCmd += "<env:Body><dis:Login xmlns:dis='http://www.sap.com/SBO/DIS'>"
         sCmd += "<DatabaseServer>" & DataBaseServer & "</DatabaseServer>"
         sCmd += "<DatabaseName>" & DataBaseName & "</DatabaseName>"
         sCmd += "<DatabaseType>1</DatabaseType>"
         sCmd += "<DatabaseUsername>" & DataBaseUserName & "</DatabaseUsername>"
         sCmd += "<DatabasePassword>" & DataBasePassword & "</DatabasePassword>"
         sCmd += "<CompanyUsername>" & CompanyUserName & "</CompanyUsername>"
         sCmd += "<CompanyPassword>" & CompanyPassword & "</CompanyPassword>"
         sCmd += "<Language>3</Language>"
         sCmd += "<LicenseServer></LicenseServer>"
         sCmd += "</dis:Login></env:Body></env:Envelope>"
         sSOAPans = DISnode.Interact(sCmd)
         MessageBox.Show(sSOAPans)
         ' Parse the SOAP answer <SessionID>
         Return ParseSOAP(sSOAPans)
    Catch ex As Exception
         Return "Login :: " + ex.Message + " :: " + sSOAPans
    End Try
    Now, in this state I get the "100000008 License does not exist" error.
    If I put the server name that the License server is on in the license "<LicenseServer></LicenseServer>" section I get a "100000001 Connection with license server failed" error... I pinged the server so I know it's there and communicating...
    I am using the SBODemo_US company for the first two attempts. I then tried a different company and got a "-8015 Bad company version" error... This is strange because when checked in the SBO B1 UI it stated that all companies were the same version...
    When the code worked it was with the code that was posted without any changes...
    If anyone can give me some pointers or advice on things that I may be overlooking, I would be muchly appreciative... :P
    Thanks
    Jeremy Adam

    I am thinking I was unclear as to my problem... I can connect to the license server... My problem is that after about 50 successful sessionID retrievals it decided to stop working and gave me a 100000008 error... I have read the other threads on this error and checked the items, like language, that cause this error for others, but nothing I do changes this from a 10000008 error, except there were a couple of times, without changing any code, I got a 100000004 error... So what I want to know is what a 100000008 error is and what causes it so I can try and fix it... I have checked security, ports, IPs, and looked at the variables for the connection... Nothing works... So now I am getting frustrated and petitioning you great people for knowledge and insight... Please help!
    Thanks :P
    Jeremy Adam

  • Apps can't connect with OS different than 2.2

    Hello, I've looked around the forum and I see common issues like mine but not the same. So my problem is from updating my iPod Touch 2G 16GB with ANY OS. With the original 2.2 I have no problems at all, but since 3.0 came out every single update I've tried is preventing me from using Wi-Fi. The OS3 was preventing me from using the internet entirely if I remember right, while the OS4 is preventing me from downloading apps and connecting with the current ones. I can browse around YouTube and web pages, I can browse the App Store, but I can't download anything. When I try to download an app, it's just trying to connect until I stop it. When I try to run apps that I already have, by restoring from iTunes, they just can't connect to the internet; it says that there is no active internet connection. The Wi-Fi is up and running, just not for the apps it seems.
    So I've tried resetting the network settings, full reset, restore, WAP/WEP/no password on router, and no result at all. I just keep going back to 2.2 after every update because I need my apps to be able to connect to the internet.
    Because Apple were very unhelpful I am looking for any input that could help.
    Thanks in advance.

    You can get support from Apple by visiting an Apple store or by calling technical support. This is a user forum.
    I am going to suggest that you work on your WiFi problem. There are no inherent OS problems in 2, 3, or 4 that would cause what you are describing. If Safari can connect and you can browse, you don't have a problem. If you can send/receive e-mail, you don't have a problem. If you can connect to the App store but can't buy/download anything, then your problem is with the App store.
    But if you do have WiFi issues, then you can try the following (works on all versions of the OS):
    1. Reboot your router (unplug it from the power)
    2. Reset the touch network settings - tap Settings > General > Reset > Reset Network Settings
    3. When your touch restarts, tap Settings > WiFi > Other and completely re-enter your network name, security, and network password.
    You can always check to see what your internet connection is up to by tapping Settings > WiFi > and then tapping the blue ">" next to your network name. If your device IP address starts with 169.x, then your most likely problems are with your router or the encryption system you have chosen.
    If your IP address is the expected 192.168.x.x series, then your problems may be with your ISP's DNS service. If you know how to work with your wireless router, you can always change the DNS to something a bit more reliable like OpenDNS.
    If you still have problems after you try the 3 steps above, post your network configuration for us - type of router, encryption used, etc.

  • Integration of ACS with two different Domain in different forest

    Hi
    We have two Domain Controllers in two different forests. One forest is X.IN and other is Y. In X.IN forest we have a tree called PPP.IN.
    Is it possible to integrate ACS with both PPP.IN and Y? Please confirm ASAP.
    Thanks
    Ritesh

    It is possible in ACS 4.2 to do machine and user authentication over cross forest trusts. See Resolved Caveats here:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html
    HTH
    Jeremy

  • Using Cisco Connect with 2 different Routers

    I have the Linksys N300 E1200 at my office and the Linksys E1000 at my home.  How do I configure Cisco Connect to work with both of these routers so I don't have any connectivity issues?

    You can only have one Cisco Connect software installed on your computer. What are your challenges with the Linksys routers? Are you experiencing slow connection? Or intermittent connection? Does it occur on both routers? Since the two routers are on two different locations, we need to properly isolate this matter to know what is really causing it. 
    Updating the router's firmware will help in resolving connectivity difficulties. If the wireless connection drops, you can also try adjusting the wireless channels of the router. I am using channel 9 for my EA4500 router. Make sure as well that the router is being placed on a higher location or less interference area. 
    Share more details about this matter. Community users are here to help.
    Help, learn and share

  • ADF connect with essbase

    Please give a link for connecting Essbase to Oracle ADF.
    Give me the link.
    Thanks in advance.

    User,
    You can try this link (http://www.google.com) after filling in the appropriate details ;)
    However, my initial research indicates that Hyperion Essbase doesn't have a workable way to connect using JDBC (it's not an RDBMS, after all). There is a Java API for connecting to Essbase which you could use, but it doesn't relate to ADF in any way.
    John

  • How to migrate AD users with two different Domain.

    Hi 
    I want to test in a lab. I have installed Win 2008 Server on Comp1 with domain name xyz.com and IP 192.168.1.1, and I have installed Win 2008 on Comp2 with domain name abc.com and IP 192.168.1.100, and I have created a trust relationship between them.
    Now I want to migrate AD user accounts from xyz.com to abc.com.
    How do we do this?
    Please help...
    Thanks
    Anil

    Hi Anil,
    After configuring trust, you can use ADMT to migrate users, computers etc between domains.
    To export the passwords of AD user accounts from xyz.com to abc.com, you need to install Password Export Server (PES) on the source domain (xyz.com).
    Check out the link below on ADMT and PES installation:
    http://social.technet.microsoft.com/wiki/contents/articles/16208.interforest-migration-with-admt-3-2-part-2.aspx
    Check out the link below on AD user account migration:
    http://social.technet.microsoft.com/wiki/contents/articles/16621.interforest-migration-with-admt-3-2-part-3.aspx
    Regards,
    Gopi
    www.jijitechnologies.com

  • How can I set up Gmail on my iPhone with a different domain name?

    I'm an ASU student so my email ends in @asu.edu. However, it's a Gmail account and I just got a new iPhone and I would really like to set it up through the mail app but it won't let me. Every time I type my email and password in, the phone says: "The user name or password for "imap.gmail.com" is incorrect"...but I know it isn't. Is there a way I can do this?
    Thanks!

    This should work; one of my e-mail accounts is my own domain through Gmail.  Make sure your username is set to your full e-mail address (like [email protected]) rather than just your username.
    Did you set it up on your iPhone as an IMAP account, or as a Gmail account?  It should work perfectly using the Gmail setting.  It can work as IMAP, but you need to jump through a few hoops to get there.

  • Is there a way to upload songs from my iTunes to another iPod that is connected with a different iTunes account without any songs being deleted?

    My father has thousands of tracks in ipod nano uploaded from his desktop computer itunes, but he wants several tracks from my macbook pro laptop itunes.  Is there a way to get my tracks into his nano without deleting the thousands of tracks.  It seems ridiculous to delete all the tracks just to get a few more.  By the way, he does not have a desktop computer anymore, and the only way to get tracks is from my laptop.  Also some of the tracks in his nano, he does not own the CDs anymore that is why he does not want to automatically delete his thousands of tracks in his nano.  When he had his desktop, he had his own itunes account, and i have my own itunes tracks.  We want to share music although we have our own account. Please help. Thank you Apple.

    No. If you have a different iPod using a different iTunes account, you have no choice but to delete the songs and upload yours. iTunes won't let you transfer songs from a different iTunes account.

  • How to manage two different sites with two different domains

    I made two separate websites in iWeb and I accidentally loaded the second website to the old one, and now every time I try to publish my site or try to visit with one click it brings me to a default page. Can you please help me understand what I did wrong?

    Use the .Mac URL to visit each site.....
    http://web.mac.com/username/WebsiteName/PageName.html

  • FR Studio - Is there a workaround for the issue with referencing data from a grid with a different DB connection and different # of dimensions?

    Hi,
    I am trying to reference a column in a different grid with a different database connection. I did some research in the forums, and it seems like this is a known issue with FR Studio. The issue is that if the 2 different database connections have different # of dimensions, then the reference will throw an error.
    For example, what I'm trying to do is below:
    In grid2.column[A], I have the following formula:
    grid1.column[A]
    The result is an error.
    The ultimate goal is to have a basic variance formula in the grid between grid1 and grid2, which have different database connections with a different # of dimensions. Is there a workaround at all to this bug? The example of the basic formula is below:
    grid1.column[A] - grid2.column[A] 
    Any help is much appreciated!
    Thanks,
    Tiffany

    Thanks for the detailed response Mike.
    The issue with trying it in Grid1 vs Grid2 is that Grid1's DB connection has more dimensions than Grid2's DB connection. I can't change the DB connection to a database with more dimensions because you have to be able to map all dimensions from the existing DB connection  (Grid1) to the new DB connection (Grid2). This isn't possible, so instead I have to map Grid2 (less dimensions) to Grid1 (more dimensions). It just ignores the extra dimensions from Grid1. Does that make sense?
    Thanks again for your responses. It's very much appreciated.
    Tiffany

  • Connecting with company is getting slower and slower.

    Hi. We are experiencing a problem with our SDK program. We have about 15 machines connected with 6 different users using our SDK program. The first day everyone logs on in 10 seconds, but as the day passes they start getting slower when connecting to the company. Maybe about 2 or 3 days later we will need to reboot the server so they can start working again. A note on the side, this only affects our SDK development. SapBusinessOne.exe can successfully connect to the company on the 3rd day when the program can't. I am not calling the disconnect company when the program exits; I thought the .NET CLR would take care of that... don't know if this could be the problem?
    We are using SapBusiness 2007 patch 48
    Thank you.
    Jose.

    Sorry, it's in DI. This is the code I use to connect to the company and where it takes a lot of time to call.
    The Company object I pass is simply a _oCompany = new Company(). The server is in the form of "10.0.0.14".
    How do I release ComObjects? With dispose?
    Thanks
    // Fills in the DI API Company object and connects.
    // Returns "" on success, or the last error text on failure.
    public static string Connect(Company _oCompany, string _sServer, string _sCompanyDB, string _sDBUser, string _sDBPassword, string _sUser, string _sPassword) {
                _oCompany.DbServerType = BoDataServerTypes.dstMSSQL2005;
                _oCompany.CompanyDB = _sCompanyDB;
                _oCompany.Server = _sServer;
                _oCompany.DbUserName = _sDBUser;
                _oCompany.DbPassword = _sDBPassword;
                _oCompany.UserName = _sUser;
                _oCompany.Password = _sPassword;
                // Connect() returns 0 on success.
                if (_oCompany.Connect() != 0) {
                    return GetLastError(_oCompany);
                }
                else {
                    return "";
                }
    }

  • Dynamic CRM connect outlook Client with different domain

    Hi Guys,
    I had installed CRM 2011 in the cloud with a different domain.
    If I use the browser it is working fine; it is just that when I use the Outlook client it shows
    15:24:16|  Error| Exception : The request for security token could not be satisfied because authentication failed.    at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
    I found that is because you must connect to the same domain.
    Any idea how I can use my Outlook client to connect to CRM 2011 without changing my domain?
    Regards,
    Kim

    Yes - I've been scarred with this for many years :(
    If it is just CAS 1 that is causing issues, then focus in on that.  The support statement for Win 2008 R2 is that NLB is still a 3rd party component and support may ask for it to be disabled.
    http://support.microsoft.com/kb/278431 
    Does CAS1 and CAS2 have the same NICs (firmware as well), driver, teaming software, and teaming config? 
    I also want to ask what the network team did for configuring the switch ports on the servers?  This will vary from vendor to vendor  - did they do the same config on both?
    Cheers,
    Rhoderick
    Microsoft Senior Exchange PFE
    Blog:
    http://blogs.technet.com/rmilne 
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
    Thanks Rhoderick, issue still persists
    can you also help clarify what you meant by "configuring the switch ports on the servers"?
    thanks again

  • MAP don´t login in the clients when the pcs don't connect with a domain

    I have a network with normal PCs (like home PCs) without a domain. I try to audit the network but it always throws the same error, "Failed - Access Denied". I read on the internet that this problem is present when the netlogon service is down, but this service can't be enabled because it is only enabled when the clients are connected to a domain controller. I need a solution. Do you have any ideas or solutions?
    Thank You!!

    Inventorying workgroups can be difficult, especially when it comes to remote access and network security. Because workgroups are not centrally managed, some of the items discussed in this
    wiki article on preparing your workgroup environment may require you to visit each machine individually.
    For non-domain credentials, you do not use the <systemname>\<user> format, you simply enter the user name. Regarding how to enter the credentials, if you have an account that uses the same username and password on all machines and is an administrator
    on all of those machines, then you can enter that in the All computers credentials page of the wizard. You can also do this if they are different user names. However, if some machines have an account with the same user name, such as Administrator,
    but different passwords on each machine, you will need to use the Manually enter computer names discovery method, and then enter the information for each group or each machine.
    As you can tell, workgroup environments can quickly negate any benefit that the agentless inventory nature of MAP provides.
