ADFS and Windows Integrated Authentication


Hi all.

We have ADFS (Windows 2016) working fine for Forms Authentication. We have enabled WIA for the intranet and set the browser user agent strings (testing with Firefox and Microsoft Chromium Edge).

We get the "Sign in as current user" link, but when it is clicked the browser shows a prompt for the user's credentials rather than using the logged-in credentials.

We have set the URL for our ADFS implementation in the Firefox config under network.automatic-ntlm-auth.trusted-uris.

We have also set it in AuthNegotiateDelegateAllowList and AuthServerAllowList for Chromium Edge. We also set it as an Intranet Zone site in Internet Options.

Is there something we are missing?

cheers

j

Thanks for the reply.

Yes, we have added the user agent strings. This is what we have:

MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge
Chrome
Mozilla/5.0

@whatwaht 

I am not that expert in ADFS, but did you try to add it to the Trusted zone?

Also, check the ADFS log; usually it contains a lot of great information:

Eventlog \ Application and Services Logs \ AD FS \ Admin

I used to have a similar problem and it was due to an integration issue with the code, but surely each case is different.

What does the log say?

Thanks, there was nothing in the ADFS log, BUT there was in the Security log.

There is an audit failure with a status code 0xC000035B.

After some investigation I think the issue is down to our reverse proxy (Apache) and NTLM/Kerberos authentication.

I've found numerous resources explaining how to overcome this; I will do some more research.

thanks
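One way to script the two checks discussed in this thread (the WIASupportedUserAgents list from the reply above that lists the agent strings, and the Security-log audit failure from the reply just above), as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the ADFS server and uses only the agent strings and status code the posts mention.

```powershell
# Added example (not from the thread): check the ADFS WIA user-agent list,
# add the entries the thread uses if they are missing, and pull recent
# Security-log audit failures that carry the status code the thread reports.
# Assumes an elevated PowerShell session on the ADFS server.
Import-Module ADFS

$props = Get-AdfsProperties

# Entries the thread relies on for Edge (Chromium) and Firefox; the first is
# an ADFS regex entry (the =~ prefix marks it as a regular expression).
$wanted  = @('=~Windows\s*NT.*Edge', 'Chrome', 'Mozilla/5.0')
$current = @($props.WIASupportedUserAgents)
$missing = @($wanted | Where-Object { $current -notcontains $_ })

if ($missing.Count -gt 0) {
    # Keep the existing list and append only what is missing
    Set-AdfsProperties -WIASupportedUserAgents ($current + $missing)
    Restart-Service adfssrv          # restart so the new list is picked up
}
else {
    "WIASupportedUserAgents already contains: $($wanted -join ', ')"
}

# Audit failures in the Security log (keyword 0x10000000000000 = Audit Failure)
# whose message text carries the status code seen in the thread.
$code = '0xC000035B'
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Keywords = 0x10000000000000 } -MaxEvents 500 |
    Where-Object { $_.Message -match $code } |
    Select-Object TimeCreated, Id, ProviderName |
    Format-Table -AutoSize
```

Get-WinEvent reports an error rather than an empty list when no matching events exist, so a clean result means the status code has not recurred in the last 500 audit failures.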


Please try to add the ADFS site to the list of trusted sites in IE; that should help.