
adfs and wia fallback

Jakob_Di

Hi

 

Current setup:

1. login to 3rd party web app using ADFS

2. WIA works from domain joined clients on LAN

3. all external clients login using forms based og login page on ADFS

4. internal non-domain joined clients and iPads/Macs won't fall back to username/password on internal LAN, and will somehow go directly to 3rd party's web app showing Access Denied

5. 3rd party web app is configured to use WIA when auth request comes from our LAN public IPs, and password protect when it comes from any other public IPs

 

Problem.

1. having non-domain joined clients, and non-Windows systems fall back to username/password auth when on LAN

 

Troubleshooting steps taken

1. get-AdfsGlobalAuthenticationPolicy

PrimaryIntranetAuthenticationProvider - (FormsAuthentication, WindowsAuthentication)

WindowsIntegratedFallbackEnabled - True

2. added Chrome iOS agent to supported agents (Mozilla/5.0 (Macintosh; Intel Mac OSX)

 

Will this have to be tweaked at 3rd party web app as well?
We have other 3rd party systems configured and they work with WIA fallback
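
An added example, not part of the original post: it models which intranet authentication path a given User-Agent takes under the two settings the post lists. It assumes AD FS attempts WIA when the User-Agent contains any `WIASupportedUserAgents` entry (substring match, modelled as case-insensitive) and otherwise shows the forms page when fallback is enabled; the function names and sample User-Agent strings are constructed.

```powershell
# Added example, not the poster's code. Function names are hypothetical.
# Assumption: with WindowsIntegratedFallbackEnabled = True, AD FS attempts WIA only
# when the User-Agent contains a WIASupportedUserAgents entry (substring match,
# modelled here as case-insensitive); otherwise it shows the forms page.
function Get-WiaMatch {
    param([string]$UserAgent, [string[]]$SupportedAgents)
    foreach ($entry in $SupportedAgents) {
        if ($UserAgent.IndexOf($entry, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $entry   # first list entry that would trigger a WIA attempt
        }
    }
    return $null
}

function Get-IntranetAuthPath {
    param([string]$UserAgent, [string[]]$SupportedAgents,
          [string[]]$Providers, [bool]$FallbackEnabled)
    $hit      = Get-WiaMatch -UserAgent $UserAgent -SupportedAgents $SupportedAgents
    $canForms = $Providers -contains 'FormsAuthentication'
    $canWia   = $Providers -contains 'WindowsAuthentication'
    if (-not $canWia) {
        $path = 'Forms'
    } elseif ($hit) {
        $path = 'WIA'
    } elseif ($FallbackEnabled -and $canForms) {
        $path = 'Forms (fallback)'
    } else {
        $path = 'WIA'   # no fallback available: WIA is attempted regardless of agent
    }
    [pscustomobject]@{ Path = $path; MatchedEntry = $hit; UserAgent = $UserAgent }
}

# On an AD FS server, read the live values instead of the constructed ones below:
#   $agents = (Get-AdfsProperties).WIASupportedUserAgents
#   $policy = Get-AdfsGlobalAuthenticationPolicy
# Constructed list; the last entry is the string as quoted in the post.
$agents    = @('MSIE 6.0', 'Trident/7.0', 'MSIPC', 'Mozilla/5.0 (Macintosh; Intel Mac OSX')
$providers = @('FormsAuthentication', 'WindowsAuthentication')
# Constructed sample User-Agent strings (Windows IE11, Mac Safari, Chrome on iPad).
$samples = @(
    'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0 Safari/605.1.15',
    'Mozilla/5.0 (iPad; CPU OS 13_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/78.0 Mobile/15E148 Safari/604.1'
)
$samples | ForEach-Object {
    Get-IntranetAuthPath -UserAgent $_ -SupportedAgents $agents -Providers $providers -FallbackEnabled $true
} | Format-Table Path, MatchedEntry -AutoSize
```

Feeding a User-Agent captured from an affected client through `Get-IntranetAuthPath` shows whether a list entry routes it to WIA or to the forms page.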

1 Reply

@Jakob_Di

Hello! You've posted your question in the Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your question to the Windows Server space. Please post Windows Server questions here in the future.
