Microsoft's Active Directory Federation Services (ADFS)

 

Active Directory Federation Services

 Microsoft's Active Directory Federation Services (ADFS) is outdated because it only allows SAML 1.0 rather than the current 2.0 and requires multiple servers.  ADFS is focused around Business Central clients.  With ADFS you have to choose between Security Assertions Markup Language (SAML) 1.0 tokens or JSON Web Tokens (JWT). Then Business Central and Business Central Web Server has to be adjusted to use ADFS. The Dynamic Nav Windows client connection has been discontinued for a number of years now.
  Microsoft announced the availability of Azure Active Directory certificate-based authentication (CBA) in Feb. 2022.

 Source: https://redmondmag.com/articles/2021/04/28/fireeye-explains-nobelium-exploit-of-adfs.aspx   ADFS was attacked by the Nobelium (also called "Solorigate") group associated with Russia, which tapped into government and industry organizations. One of the avenues of those attacks was ADFS to generate SAML tokens and access Exchange Online e-mail traffic. This "golden SAML" approach allowed attackers to bypass multi-factor authentication and access any federated application, according to FireEye.


Comments

Post a Comment

Popular posts from this blog

Upgrading to .NET8 from desktop versions 4.8.X

Image
Upgrade to Latest .NET OVERALL     Problems and differences encountered taking applications from .NET 4.8 desktop to .NET 8 . SUGGESTION    Rebuild the solution and project files from scratch with latest .NET 8. PROBLEMS APIs    On later .NET APIs (post 4.8 desktop), you need to be extra carefully about how the inbound objects are declared.  So if integer in Postman, then must be integer in object.  In older .NET, they accept properties as strings.       Example - Say body in Postman is:          {     "SettingData" : 31000 }    Pretend endpoint method is: [HttpPut("cache/resettimer")] [Produces("application/json")] [ProducesResponseType(typeof(ResetCacheResponse), Status200OK)] public async Task<HttpResponseMessage> MyMethod ([FromBody] InputData input)    Later .NET must be: public class InputData { public int SettingData { get; set; } } ...
Read more

GHL Chat Bots for Webpage

 GHL Chat Bots  for Webpage   GoHighLevel (GHL) is an old established marketing software tool that has AI added to it.  GHL calls this AI for chat bots as "Conversation AI" that only needs to understand typed text.  GHL calls the AI for phone lines as "Voice AI Agents".    So in GHL, go to Sites menu option =>         1) Chat Widget tab => New => <create the chat widget you want, by default newly created chat widgets do "Live Chat" >        2) < pick your funnel or website > => Edit or New => Settings tab => under "Chat Widget" pick the chat widget. ================================ EXTRA:    In GHL, go to Settings menu option => then "Conversation AI" menu option =>       1) click "Create Bot" button => fill in Name, Status, Channel on first tab       2) on Bot Goals tab, click "Appointment Booking"      ...
Read more

GHL > Set website so shorter URL address

Image
GHL > Set website so shorter URL address Background:  In GoHighLevel, you can  set a specific page as the default page   for your website or funnel, essentially making it the "index.html" equivalent for your domain. This page will be the first one displayed when someone visits your domain without specifying a specific page path.   Example:      1) GHL > Site > pick your funnel or website > Edit it.       2) Notice where it puts the website:     3) If my  https://aiappointmentbooker.com/  is not working but works when I go to  https://aiappointmentbooker.com/home-page-3213  like above, then you need to fix your index.html by doing these steps. Here's how you can do it: Go to Domains:  In your GoHighLevel account, go to  Settings > Domains . Find and Edit Your Domain:  Find the domain you want to configure and click on the edit icon next to it. Set the Default Page:  Set...
Read more