Forum Discussion

Deleted

Nov 23, 2020

ADFS and Windows Integrated Authentication

Hi all. We have ADFS (Windows 2016) working fine for Forms Authentication. We have enabled WIA for Intranet, set the browser user agent strings (testing with Firefox and Microsoft Chromium Edge)...

Iron Contributor

Nov 23, 2020

Deleted

You might need to add the browser to the ADFS list

Check this one here

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wia

Deleted
Nov 24, 2020
Thanks for the reply.

Yes we have added the user agent strings. This is what we have.

MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge
Chrome
Mozilla/5.0
- farismalaeb
  Iron Contributor
  Nov 24, 2020
  Deleted
  I am not that expert in ADFS but did try to add it to the Trusted zone.
  Also, Check the ADFS log, usually, it contains a lot of great information
  Eventlog \ Application and Services Logs \ AD FS\ Admin
  
  I used to have a similar problem and was due to an integration issue with the code, but surely each case is different.
  what does the log say
  - Deleted
    Nov 25, 2020
    Thanks, there was nothing in the adfs log BUT there was in the Security log.
    
    There is an audit failure with a status code 0xC000035B.
    
    After some investigation I think the issue is down to our reverse proxy (apache) and NTLM/Kerberos authentication.
    
    I've found numerous resources explaining how to overcome this, will do some more research.
    
    thanks

Resources