Document Details

Identity Provider Adfs Saml
Home / Scan #44 / Identity Provider Adfs Saml
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_tools
powershell_heavy
windows_first
missing_linux_example
Summary
The documentation demonstrates a strong Windows bias by exclusively referencing Windows tools (Server Manager, AD FS Management snap-in, Event Viewer), providing only PowerShell command examples for configuration, and omitting any mention of Linux or cross-platform alternatives for AD FS management or troubleshooting. All step-by-step instructions assume a Windows environment, with no guidance for Linux administrators.
Recommendations
  • Provide equivalent instructions or notes for environments where AD FS is accessed remotely or managed via non-Windows systems (e.g., via REST APIs, if available, or using cross-platform tools).
  • Include references to any available cross-platform AD FS management tools or clarify that AD FS is a Windows-only technology, but highlight how Linux administrators can interact with it (e.g., via browser-based management, remote PowerShell from Linux, or REST endpoints).
  • Where PowerShell is used, mention if and how PowerShell Core (pwsh) on Linux/macOS can be used, or provide alternative command-line examples if possible.
  • For certificate creation and management, include Linux-based commands (e.g., using OpenSSL) alongside Windows-centric instructions.
  • Explicitly state the Windows-only nature of certain steps, and provide guidance for mixed-environment teams (e.g., how a Linux admin can coordinate with a Windows admin for AD FS configuration).
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-12 00:00 #243 cancelled Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Clean Clean
2026-01-08 00:00 #228 cancelled Clean Clean
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-14 00:00 #111 completed Biased Biased
2025-08-14 00:01 #80 cancelled Biased Biased
2025-08-13 00:00 #79 cancelled Clean Clean
2025-07-13 21:17 #46 cancelled Biased Biased
2025-07-13 21:11 #45 cancelled Clean Clean
2025-07-13 20:48 #44 cancelled Biased Biased
2025-07-13 20:32 #43 cancelled Biased Biased
2025-07-09 13:09 #3 cancelled Clean Clean
2025-07-08 04:23 #2 cancelled Biased Biased

Flagged Code Snippets

    <ClaimsProvider>
      <Domain>contoso.com</Domain>
      <DisplayName>Contoso</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="Contoso-SAML2">
          <DisplayName>Contoso</DisplayName>
          <Description>Login with your AD FS account</Description>
          <Protocol Name="SAML2"/>
          <Metadata>
            <Item Key="WantsEncryptedAssertions">false</Item>
            <Item Key="PartnerEntity">https://your-AD-FS-domain/federationmetadata/2007-06/federationmetadata.xml</Item>
          </Metadata>
          <CryptographicKeys>
            <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SAMLSigningCert"/>
          </CryptographicKeys>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userPrincipalName" />
            <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name"/>
            <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name"/>
            <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/>
            <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name"/>
            <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="contoso.com" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication"/>
          </OutputClaims>
          <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
            <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
            <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
            <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
          </OutputClaimsTransformations>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp"/>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>