locked
ADFS 3.0 custom login for cetificate authentication RRS feed

  • Question

  • Hi,

    When only Certificate Authentication is used in ADFS 3.0 (that is, no other Authentication Method is selected under Primary Authentication Global Settings), the logon page automatically prompts for user's certificate. I want to disable the automatic popup and want to provide a link that lauches the popup instead. Can this be done? If so, can anyone guide me to the right direction?

    Thanks,

    Thursday, July 6, 2017 10:43 AM

All replies

  • It might... Never tried. When you just have certificate enabled the follow JavaScript kicks in:

        <script type="text/javascript">
            document.body.onload = function () {
                var newDiv = document.createElement("div");
                newDiv.innerHTML = "<input id='RetrieveCertificate' type='hidden' name='RetrieveCertificate' value='1' />";
                document.forms["options"].appendChild(newDiv);
                SelectOption("CertificateAuthentication");
            }
        </script>
    

    Which automatically click on the link for you. You could try to overwrite it. And not to have it onload but only on a click.

    Or you could add FBA authentication as well in the primary auth policy and use JavaScript to hide the form and that leave you with just one link to click on.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, July 6, 2017 1:03 PM
  • Thanks for the tips. I'll try both out. How do I access the javasript to edit?
    Thursday, July 6, 2017 1:18 PM
  • You cannot modify the existing JS. You can try to re-write it with some other JS. Although I am not sure if all browser deal the same way when the have two times the same function define in a page.

    To inject your own JS, you will have to create a custom WebTheme first. This is all described here: https://docs.microsoft.com/en-ca/windows-server/identity/ad-fs/operations/advanced-customization-of-ad-fs-sign-in-pages


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, July 6, 2017 2:04 PM