Forum Discussion

Deleted

Nov 23, 2020

ADFS and Windows Integrated Authentication

Hi all. We have ADFS (Windows 2016) working fine for Forms Authentication. We have enabled WIA for Intranet, set the browser user agent strings (testing with Firefox and Microsoft Chromium Edge)...

Windows Server

farismalaeb

Iron Contributor

Nov 23, 2020

Deleted

You might need to add the browser to the ADFS list

Check this one here

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wia

Deleted

Nov 24, 2020

Thanks for the reply.

Yes we have added the user agent strings. This is what we have.

MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge
Chrome
Mozilla/5.0

farismalaeb
Iron Contributor
Nov 24, 2020
Deleted
I am not that expert in ADFS but did try to add it to the Trusted zone.
Also, Check the ADFS log, usually, it contains a lot of great information
Eventlog \ Application and Services Logs \ AD FS\ Admin

I used to have a similar problem and was due to an integration issue with the code, but surely each case is different.
what does the log say
- Deleted
  Nov 25, 2020
  Thanks, there was nothing in the adfs log BUT there was in the Security log.
  
  There is an audit failure with a status code 0xC000035B.
  
  After some investigation I think the issue is down to our reverse proxy (apache) and NTLM/Kerberos authentication.
  
  I've found numerous resources explaining how to overcome this, will do some more research.
  
  thanks
  - Marcel_Palme
    Copper Contributor
    Nov 25, 2020
    
    Please try to add the ADFS site to the list of trusted sites in IE that should help