ADFS | Ali Distributed File System ) is an evolutional version

• As you have stated that the ADFS server to be added in the farm is running on Windows Server 2016, the FBL (Farm Behaviour Level) version is 3 and the corresponding ADFS Configuration Database Name will be ‘AdfsConfigurationV3’. Thus, the actual databases to be searched for while specifying the configuration database should be ‘AdfsConfigurationV3’.

• If the OS version of the ADFS node server is ‘Windows Server 2012 R2’, then the FBL will be ‘1’ and the ADFS Configuration Database name will be ‘AdfsConfiguration’ while the OS version, if it is ‘Windows Server 2019’, then the FBL will be ‘4’ and ADFS Configuration Database name will be ‘AdfsConfigurationV4’. Also, you should check for the ‘AdfsConfigurationV3.mdf’, ‘AdfsConfigurationV3_log.ldf’, ‘AdfsArtifactStore.mdf’ and ‘AdfsArtifactStore.ldf’ database files in the other ADFS Farm connected servers and accordingly try to form the connection string and connect to the right database.

• It is safe to detach the ADFS database through the SQL query from the original ADFS Server by using the queries below and then copying them and pasting them at a location where SQL databases are stored on the destination ADFS Server.

There is predefined on Windows the environment variable USERNAME with all letters in upper case which holds the name of the user account, see the Wikipedia chapter Windows Environment Variables for more information about the predefined environment variables on Windows.

aws-adfs of version 2.0.1 does not require on Windows that the environment variable username is defined with all letters in lower case. Environment variable names are case-sensitive on Linux where it is possible to define an environment variable USERNAME and additionally also an environment variable username.

There could be used in a Windows command prompt window:

You might be able to do this with "Properties".

e.g.

c:[Type == "http://mycompany/internal/sessionid"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = http://xxx/adfs/services/trust, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "sp_test");

More here and here.

Assuming you just want to render the list, you can try creating a map based on some key (maybe on 'pk') and pass it on, say to grid.

"Does Cognito cache some kind of ID data somewhere"?

No, ADFS does.

There is a client-side cookie and a server-side cookie.

Let's say the ADFS timeout is set to 8 hours.

So you log in the first time, and cookies are created on both sides.

Now on the client-side, the access token expires (assuming OIDC) and the client sends a refresh token. ADFS checks its cookie has not expired and then sends a new access token.

As long as the ADFS side has not expired, you get SSO.

Just for completeness, when you log out, ADFS clears its cookie. When the client-side receives the logout response, it clears its cookie.

Now you have to re-authenticate.

The URI that Google shows isn't even a part of the website, nor is a URI that I supplied to Google, so I have no idea where it's coming from.

The redirect uri is built buy the client library you are using. Your app is set to run http not https its running localhost and not hosted so its 127.0.0.1 the port is also either being randomly generated by your app or something that you have set up statically. the /authorize is attached again by the client library.

The redirect uri is the location your code is prepared to accept the response from the authorization server. This URI needs to be configured in Google cloud console. The easiest solution is to copy it exactly and add it as a redirect uri in Google cloud console. Just make sure that your app is set to use a static port if the port changes its not going to work.

This video will show you how to add it. Google OAuth2: How the fix redirect_uri_mismatch error. Part 2 server sided web applications.

As far as I know, you should set the ADFS server to return the more claims instead of doing it at the client side.

You should have the enough permission to manage your server and follow this article to modify the ADFS server to return more claims or custom claims.

More details, you could refer to this article.

• You don’t need to import ADFS configuration into a new Enterprise application for ‘Dropbox’ as its application federation configuration is already imported and made available for Azure AD users for smooth SSO authentication purposes in Enterprise application gallery. The image as posted by you regarding Dropbox application import into Azure from ADFS confirms that Dropbox is available for migration in Azure AD and its relative setup is a matter of few clicks and configurations.

• Also, the message in the image posted by you is only displayed for those applications that are readily available in Azure AD Enterprise applications and not legacy applications (applications that are not SaaS apps and need to be setup manually in Azure AD enterprise applications as a non-gallery app). When ADFS Health Connect communicates with Azure AD and syncs the relying party trust information from ADFS on-premises server, Azure AD compares it with the ready, available and Integrated SaaS applications in its gallery to be provisioned in the respective Azure AD tenant through the ‘create’ option. Similarly, when you do this provision/create ‘Dropbox’ SaaS application from Enterprise application gallery, it detects automatically through the ADFS Health Connect activity report that ‘Dropbox’ is configured as a federated RPT in the synced on-premises ADFS server and asks the user to migrate it to Azure AD.

For more detailed information on migrating Dropbox application from ADFS to Azure AD, please refer to the link below which discusses setting up of SSO authentication through SAML in Azure AD.

https://www.youtube.com/watch?v=OThlTA239lU

I think the report is still in preview and it is missing a create application button. All the documentation only shows the reports & not the create process.

Also this migration tool, is a repackage of the powershell test commands: https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration

So I assume you need to create the application manually based on the report.