Document Details

Identity Provider Adfs Saml
Home / Scan #2 / Identity Provider Adfs Saml
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_tools
powershell_heavy
windows_first
missing_linux_example
Summary
The documentation page demonstrates a strong Windows bias throughout. All AD FS configuration steps are described using Windows-specific tools such as Server Manager, AD FS Management snap-in, and PowerShell cmdlets. There are no Linux or cross-platform alternatives provided for any step, and all troubleshooting instructions reference Windows event logs and tools. The documentation assumes the administrator is operating in a Windows environment and does not mention or provide guidance for Linux-based AD FS alternatives or SAML identity providers.
Recommendations
  • Provide equivalent instructions for configuring SAML identity providers using non-Windows AD FS alternatives (e.g., Shibboleth, SimpleSAMLphp) commonly used on Linux.
  • Include examples of how to generate and manage certificates using Linux tools (e.g., OpenSSL) alongside any Windows-specific instructions.
  • Offer guidance on how to view and troubleshoot SAML logs and events using Linux-based tools or generic SAML debugging tools.
  • Clearly state at the beginning of the document that the instructions are Windows/AD FS-specific, and link to separate guides for Linux-based SAML providers if available.
  • Where PowerShell or Windows GUI steps are given, provide equivalent CLI or configuration file examples for Linux-based SAML providers.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-12 00:00 #243 cancelled Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Clean Clean
2026-01-08 00:00 #228 cancelled Clean Clean
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-14 00:00 #111 completed Biased Biased
2025-08-14 00:01 #80 cancelled Biased Biased
2025-08-13 00:00 #79 cancelled Clean Clean
2025-07-13 21:17 #46 cancelled Biased Biased
2025-07-13 21:11 #45 cancelled Clean Clean
2025-07-13 20:48 #44 cancelled Biased Biased
2025-07-13 20:32 #43 cancelled Biased Biased
2025-07-09 13:09 #3 cancelled Clean Clean
2025-07-08 04:23 #2 cancelled Biased Biased

Flagged Code Snippets

    <ClaimsProvider>
      <Domain>contoso.com</Domain>
      <DisplayName>Contoso</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="Contoso-SAML2">
          <DisplayName>Contoso</DisplayName>
          <Description>Login with your AD FS account</Description>
          <Protocol Name="SAML2"/>
          <Metadata>
            <Item Key="WantsEncryptedAssertions">false</Item>
            <Item Key="PartnerEntity">https://your-AD-FS-domain/federationmetadata/2007-06/federationmetadata.xml</Item>
          </Metadata>
          <CryptographicKeys>
            <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SAMLSigningCert"/>
          </CryptographicKeys>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userPrincipalName" />
            <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name"/>
            <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name"/>
            <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/>
            <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name"/>
            <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="contoso.com" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication"/>
          </OutputClaims>
          <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
            <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
            <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
            <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
          </OutputClaimsTransformations>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp"/>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>