ADFS Custom 401 Error Page for denied Access
LeonPavesic, thank you for your answer, but are you sure that this applies to the newest ADFS version?
1. Open the ADFS Management Console.
2. Go to Policies > Claims Providers > Edit Claim Provider for the claim provider that you want to configure.
I think you are talking about "Claims Provider Trust"?
The option to access "Properties" is greyed out.
Another approach I've tried is to configure the "ErrorPageAuthorizationErrorMessage" parameter with PowerShell:
Set-AdfsGlobalWebContent -ErrorPageAuthorizationErrorMessage "You have received an Authorization error. Contact IT for assistance."
But I cannot find any difference after setting this parameter.
Hi derSchweiger,
Yes, the steps I provided apply to the newest ADFS version (4.0). However, I apologize for the confusion about the "Claims Provider Trust" dialog box.
If the "Properties" option is grayed out for you, it is because you are trying to edit a built-in claims provider. Built-in claims providers cannot be edited. You need to create a new claims provider trust and then configure it to use your custom error page.
To create a new claims provider trust in ADFS, follow these steps:
1. Open the ADFS Management Console.
2. Go to Trust Relationships > Claims Provider Trusts.
3. Click Add Claim Provider Trust.
4. On the Welcome page, click Start.
5. On the Select Data Source page, select Enter data about the claims provider manually.
6. On the Specify Claim Provider Type page, select the type of claims provider that you want to create.
7. On the Specify Claim Provider Details page, enter the following information:
   - Claim provider name: The name of the claims provider.
   - Claim provider identifier: The identifier of the claims provider. This is a unique value that is used to identify the claims provider to ADFS.
   - Metadata URL: The URL of the claims provider's metadata. This is optional, but it is recommended.
   - Supported identity types: The types of identities that the claims provider supports.
8. On the Configure Claims Issuance page, select the claims that you want to issue to users when they authenticate to the claims provider.
9. On the Configure Claims Acceptance page, select the claims that you want to accept from the claims provider.
10. On the Relying Party Trusts page, select the relying party trusts that you want to trust the claims provider.
11. On the Ready to Add Trust page, review the settings and then click Add.
Once you have created a new claims provider trust, you can configure it to use your custom error page by following the steps in my previous response.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
- derSchweiger, Sep 27, 2023, Brass Contributor
Please correct me if I'm wrong but you can't create an AD DS Claims Provider Trust on your own?
- LeonPavesic, Sep 27, 2023, Silver Contributor
Hi derSchweiger,
Please note that the ability to customize error pages for individual Claims Provider Trusts is not a standard feature in ADFS. Customizing error handling and messaging in your applications is usually the recommended approach for providing a better user experience when access is denied.
If you have specific requirements or limitations within your environment, you may want to consult Microsoft's official documentation or consider seeking assistance from Microsoft Support to explore additional customization options.
Kindest regards,
Leon Pavesic