如何使用登录（用户/密码）文本框在同一页面上登录ADFS WIF联合身份验证和表单身份验证？

Question

How to sign-in to ADFS WIF federation AND Form auth on the same page with login (user/password) text-boxes?

Now I can use a link to redirect to adfs login with a prompt box to input domain user name and password. Can I use the same (user/password) text-boxes as form auth? So I don't wanna use the prompt box?

ps: another question, how can i do to pass auth automatically when i login in the domain of which supplies the adfs without inputting(SSO) User and Pass?

Thanks!

Answer 1

ADFS supports several ways of accepting user's credentials. The one with "prompt box" is most likely integrated or basic authentication. It is configurable on ADFS side: http://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx

If you need to configure forms authentication as a preferred option change in ADFS Web agent web.config order of local authentication types. Set Forms as a the first:

<microsoft.identityServer.web>
<localAuthenticationTypes>
  <add name="Forms" page="FormsSignIn.aspx" />
  <add name="Integrated" page="auth/integrated/" />
  <add name="TlsClient" page="auth/sslclient/" />
  <add name="Basic" page="auth/basic/" />
</localAuthenticationTypes>

Regarding the SSO, problem. It depends on browser:

• in IE you need to add ADFS URL to Trusted Sites or/and make sure that Trusted Sites zone in IE allows to send windows credentials. See: http://docs.acl.com/ax/310/index.jsp?topic=/com.acl.ax.admin.help/system_administration/t_configuring_internet_explorer_for_integrated_windows_authentication.html

• Chrome assumes that any page that contains '.' - dots in address is not secure enough to provide SSO, so probably you'll need to set up a dotless alias for your ADFS host.

• in Firefox you need to add ADFS URL network.automatic-ntlm-auth.trusted-uris See: http://sivel.net/2007/05/firefox-ntlm-sso/