This project has moved and is read-only. For the latest updates, please go here.

Neos-Sdi ADFS Multifactor

Rating:        Based on 1 rating
Reviewed:  0 reviews
Downloads: 347
Released: Feb 26, 2017
Updated: Feb 26, 2017 by redhook
Dev status: Stable Help Icon

Recommended Download

Application Neos.IdentityServer.Multifactor
application, 1507K, uploaded Feb 26 - 263 downloads

Other Available Downloads

Application Neos.IdentityServer.Multifactor.SMS
application, 1302K, uploaded Feb 26 - 84 downloads

Release Notes

Multifactor extension components for ADFS 3.0 (Windows 2012 r2/2016) release

changed files version to 1.2.5.x, assemblies remains in version
  • Added custom form when waiting for SMS/Email request (donut)
  • Added 2 parameters for SMS API (ExternalOTPProvider), Timeout, IsTwoWay.
  • Updated SMS samples

New version to correct a bug found by KKorn see issue
changed files and assemblies version to
Everyone is encouraged to install this new version

This version fixes a major security flaw. We apologize for any inconvenience this may have caused you.
We would like to thank KKorn very much for putting the problem in a very detailed way.
Now, to keep a user's information between the different page calls, we use the authentication context (IAuthenticationContext). This context is stored as an hidden input and is available between each calls.
For ADFS 2012R2 or ADFS 2016 this hidden input is encrypted and web encoded by the platform.
  • ADFS 2012 R2, the content of the hidden input is signed and encrypted with the ADFS certificates.
  • ADFS 2016 (2016 mode or threshold) this is an RSA key.
For more information please see Win2012R2AuthContextFormatter() and ThresholdAuthContextFormatter()
Using the cookie allows operation with network load balancer without affinity.

We also add a new attribute when using ADDS "msDS-cloudExtensionAttribute18" for managing the enabled status of a user (whe plan to use this in version 2.0)

After deploying all the assemblies in de GAC, don't forget to Re-Register the component and update your configuration file (Register-AdfsAuthenticationProvider, UnRegister-AdfsAuthenticationProvider and Import-AdfsAuthenticationProviderConfigurationData

in Zip file 2 builds (FW 4.5.2 and 4.6.2)

changed files version to, assemblies remains in version
Bug correction when registering the component via PowerShell.
  • ADMIN0021: Invalid authentication provider data. You can only specify a maximum of one identity claim.
Thanks to Hedius for bringing us the problem
Your must install the new version and redeploy the assemblies, and register properly the component with PowerShell

changed files to - small updates on QR Code scanning (lowered url). Now works correctly with the last version of Microsoft Authenticator.
You must redeploy the assemblies

Added API to support notifications with "oneway" SMS
Added Sample to show how to use external API
Added Azure MFA demo using external API

Added Globalisation for spanish (translated with Bing Translate)
Minor changes
Asynchronous send for email and sms

Version 1.0 must be undeployed
Version 1.1 must be deployed, config file must be updated (see documentation)
Samples for sms can be deployed

Documentation has been updated

Multifactor extension components for ADFS 3.0 (Windows 2012 r2/2016) release

changed files to - small updates on resources files.
Error messages are now corrects (see eventlog error 801 and adfs eventlog error 364)

changed files to - added two updates
- in user configuration, it's now possible to reset the secret key
- TOTP codes history (shadow) set to 2. hte valid codes are the current, the 2 previous and the 2 next. can be used if the time is not well synchronized.
You must re-register the extension to get it working.

changed files to - bug correction
- Window validation time was incorrect when using different Time Zones. the user was not agreed to login, even if the totp code was correct. this situation occurs when using ADDS configuration.

changed files to
- added capability to disable email validation in the config file.
- property default changed in the provided configfile : KeyGenerator="ClientSecret128" to KeyGenerator="ClientSecret512"

You must re-register the extension after updating assemblies

Reviews for this release