none
SharePoint 2016 - ADFS - Access Request account is not the ADFS one but the Windows account RRS feed

  • Question

  • Hello,

    we have a problem with a SharePoint 2016 farm in production (CU february 2016).

    This SharePoint 2016 Farm has WebApps which use 2 authentications providers :
    - ADFS authentication provider (SAML)
    - Windows authentication provider (used only for the search crawling service)

    Our problem :
    When a user have an access denied on a web site, he can request an access to these site with the SharePoint standard access request form. But the account transmitted to the approuver is the user windows account, NOT the ADFS account.

    Thanks for your help


    Tuesday, September 26, 2017 8:55 AM

All replies

  • Hi Benoit,

    Which authentication provider did you use for the Default zone?

    You can try to set ADFS authentication provider as default zone, then test again, compare the result.

    In addition, check your IE browser, and make sure you don't set automatically logon for user.

    Thanks,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, September 28, 2017 9:17 AM
    Moderator
  • Hi Wendy,

    The ADFS authentification provider is already set for the default zone.

    And all users are automatically authenticated with this ADFS on the private LAN, for all webapps without any problem.

    Users have to be automatically identified on the private LAN, so we need to keep the automatically logon for users on IE.

    Regard's,

    Benoit

    Thursday, September 28, 2017 9:49 AM
  • Hey there,

    same shit here, but no solution.

    It is possible that the request doesnt use the ADFS?

    In our case we have a "second" active directory. This DMZ-AD is a filterd copy of the AD, but whitin the DMZ.

    When a request is granted, the dmz account is written in the sharepoint group.

    So my first idea was, there is no ADFS request, just a look in the local (but wrong dmz AD)!?

    Maybe this helps in some way :)

    Monday, November 27, 2017 2:18 PM
  • Did you find any solution for this issue?

    Sidd

    Tuesday, September 4, 2018 3:16 AM