Display ADFS 2.0 Forms Authentication Login Page Instead of Windows Authentication Prompt

After installing ADFS 2.0 for SharePoint a Windows login prompt was shown when the SharePoint site forwarded to the ADFS server instead of the ADFS Forms Authentication login screen. 



No matter what account I tried to use here I would eventually receive a 401 Not Auhorized error.




The reason for this is that the ADFS website tries to use Windows Authentication before trying to use the Forms authentication which displays the loging page below.


Forms Login Screen for ADFS 2.0


To fix this do the following on the ADFS server:

1. Open IIS and Explore under Default Website\adfs\ls


2. Open the web.config file with Notepad, look for the localAuthenticationTypes section.



3. Move the line for Forms above the line for Integrated and save the web.config file.  This will force the ADFS application to use the Login Page authentication before trying to use Windows Authentication.


 

Comments

  1. Pat PattersonMarch 25, 2011 at 2:11 PM

    Thanks for posting this - it fixed exactly the problem I was having in being able to show the difference between form-based authn and IWA.

    ReplyDelete
  2. DudeJuly 22, 2011 at 8:57 AM

    This is set in the web.config, the wsFederation node: authenticationType.

    ReplyDelete
  3. AnonymousAugust 15, 2011 at 6:55 PM

    Thanks for the info! Never thought about the XML order being relavent.

    I was actually having the inverse issue where internal users would get Integrated Auth and external would have Forms from the ADFS Proxy. Moving the basic before the forms on the Proxy gives them a similar experience.

    Thanks!

    ReplyDelete
  4. harminder datlaSeptember 14, 2011 at 2:26 PM

    hi ,

    i am getting an exception 404 not found
    please help me to rresolve this, i have already done web config changes.

    thanks
    harminder datla

    ReplyDelete
  5. UnknownNovember 23, 2011 at 5:24 PM

    I want to add two pages for FormsSignIn
    one is for normal browser, another is for mobile browser.
    Can I add two in web.config

    ReplyDelete
  6. Pradeep KumarDecember 12, 2011 at 8:48 AM

    Hi Richard,

    Is it possible for adfs server to use Forms authentication or we have to take adfs server proxy for Forms Authentication ?

    Thanks in advance
    Pradeep Kumar

    ReplyDelete
  7. Jeff KykerMarch 5, 2012 at 11:32 AM

    AMAZING! So easy to do! Just so hard to find. I gave one more effort to find a solution this morning and landed on yours and it worked instantly. Thank you sooo much.

    ReplyDelete
  8. EugeneApril 5, 2012 at 1:05 AM

    Thanks.

    This wasn't my exact issue but got me going in the right direction on my issue.

    ReplyDelete
  9. yahooMarch 6, 2013 at 1:37 AM

    it works perfectly. Thanks a lot

    ReplyDelete
  10. Simon de LisleMay 23, 2014 at 2:12 AM

    Fantastic - 2 days of trying to figure this out and a guy gives me a link to this page and BANG! Sorted.

    Thanks for taking the time to document this so clearly.

    ReplyDelete
  11. UnknownMarch 15, 2015 at 11:03 AM

    Thank you so much. This helped me resolve my problem.

    ReplyDelete
  12. UnknownMarch 1, 2016 at 12:39 AM

    Thanks Richard.

    By the way, is there a way we can have the signed in windows users auto-login to the websites?

    ReplyDelete
  13. UnknownJune 11, 2019 at 2:34 AM

    Hi Richard,

    If I use below snippet in config() method of spring security configuration, will it be work for me as well?

    -> http.formLogin().loginPage("/saml/login");

    ReplyDelete
  14. Muhammad HassanAugust 6, 2020 at 1:53 PM

    Without fail, your writing style is top professional; even your website also looks amazing thank you for posting. www.hotmail.com entrar

    ReplyDelete
  15. HyperV BackupAugust 10, 2020 at 3:33 AM

    What a post on ADFS. You have explained it in a way that everyone can get the solution for ADFS. I will often visit your website for the more blog posts. Thank you.

    ReplyDelete
  16. pandaNovember 21, 2020 at 4:10 AM

    The client can undoubtedly make the "entertaining" sends, letters advances and pamphlets, ie. the immaterial stuff, available by means of semi-login. hotmail sign in

    ReplyDelete
  17. pandaNovember 21, 2020 at 4:11 AM

    He can't get to different sends or change any record data. The client can choose what all things can be gotten to and changed when in semi login. hotmail

    ReplyDelete
  18. Unow22November 10, 2021 at 12:57 PM

    This Sub- Solution product is designed, keeping in mind the specific gravity, creatinine content, shelf life as well as pH value of real human urine. This fake urine, too, is free of any kind of toxins and biocides. Plenty Of Positive Reviews: We cannot stress enough the importance of positive reviews on a product. We can only check the ingredients, source, and other information published by Sub-Solution itself. But it is the reviews where we can see the real picture through a customer’s eyes. Clear Choice Sub Solution Synthetic Urine Kit has quite a few positive reviews and a good rating with testimonials from customers stating its effectiveness in the drug tests. As we can understand from them, it is worth the price. Heat Activator Powder Formula: The best part about this synthetic pee is that it comes with a heat-activator powder formula. Sometimes, you do not have enough time on your hand to wait for the synthetic pee to rise to a proper temperature, and this is where the heat activator comes in handy. This heat-activator powder formula will come in handy. So, plan accordingly!  Freezing and reheating urine samples from friends and family for the purpose of drug testing is a common trick. However, whatever kind of urine you’re using will need to be brought back to the right temperature (approximately 90-100 degrees).  When it comes to freezing and reheating synthetic urine, there are a few complications:  If you’re not following the instructions carefully enough and mess up the sample, then the fact that you’re using synthetic urine will be detected. However, if you follow all the directions and execute it perfectly, you’ll pass undetected.  If you’re looking for a way to fool the monitor that checks if you’re actually peeing, then you’ll be pleased to know there’s a solution. Several synthetic urine brands provide urination devices you can use to make it seem like the real deal.  There are several ways to hide the pee when you’re going in for a drug test. The worst idea, however, is to leave it in your pocket. Generally, people will use a belt with a tube that you can run down your leg to make it seem like you’re actually peeing.  Some companies provide the belt, but you can also fashion one for yourself.

    ReplyDelete

Post a Comment

Popular posts from this blog

Add User As Local Administrator On Domain Controller

I recently was settting up a new Microsoft SharePoint 2010 machine and had promoted the machine to a domain controller before creating my SharePoint admin accounts.  I needed to add several of my accounts to the local Administrators group.  Unfortunately after you promote a server to a domain controller you can no longer access the GUI for Local Users and Groups.  Instead I had to use the command line to add the users. Open a command promt using the "Run as administrator" function and then run the following command. net localgroup Administrators /add {domain}\{user} Note: do not include the {} brackets.
Read more

Calling Dataverse Web API in PowerShell using Client Credentials

Image
Connecting to Dataverse using PowerShell can be very helpful for data migrations and use within Azure DevOps. Connecting to an instance in a non-interactive way can be tricky though. This article will provide you the links you need for creation and App registration and adding the app user to your environment. You can then utilize the script provided to call Web API requests including ones you define using the new Custom API functionality now available. The script was written so that it is not dependent on any outside libraries such as the Microsoft.Xrm.Tooling connector. This is helpful in situation where involving an outside library will slow down your deployment time by having to be approved in a change control board. If utilizing an outside code library is not a concern you can create a connection to Dataverse utilizing the Microsoft.Xrm.Tooling connector Get-CrmConnection cmdlet. Create App Registration The first thing to do is create an App Registration within Azure AD for
Read more

Windows Server 2008R2 VMs Shut Down After 1 to 2 Hours

Image
When created a lab environment to test ADFS 2.0 I utilized the Windows 2008R2 VM baselines distributed by Microsoft.  After a few days I was told that I had to activate.  The VMs included a 180 day license for use but I didn't feel like adding another network adapter into Hyper-V to connect them to the internet.  I started having issues though where the servers would shut down every hour or so.  I though that maybe there was a memory issue and Hyper-V was shutting them down in order to free up RAM.  Turns out that if Server 2008R2 is not activated it automatically shuts down after a period of time.  After connecting the server to the internet and activating them the problem went away. Finally the madness of the unknown shut downs has ended :)
Read more