Authentication type

Question
-
Hello All,
If we enable form-based authentication in our ADFS 3.0 for intranet authentication, which one will be applied first, WIA or form-based?
I want form-based to be secondary and WIA should always be first.
Please advise.
NA
Thursday, April 11, 2019 12:15 PM
Answers
-
Hello, WIA will be applied for internal/intranet access and form-based will be applied for external/internet access.
Isaac Oben MCITP:EA, MCSE, MCC. View my MCP Certifications: https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard
- Proposed as answer by Pierre Audonnet [MSFT] (Microsoft employee) Thursday, April 18, 2019 9:51 PM
- Marked as answer by Hamid Sadeghpour Saleh (MVP) Thursday, September 5, 2019 8:00 AM
Tuesday, April 16, 2019 5:21 AM -
As long as the RP does not specify FBA explicitly in its redirect, the user will have to do WIA internally.
If the browser is not supported for WIA, it will fall back to FBA, but then you can configure the list of supported browsers: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Proposed as answer by Pierre Audonnet [MSFT] (Microsoft employee) Thursday, April 18, 2019 9:51 PM
- Marked as answer by Hamid Sadeghpour Saleh (MVP) Thursday, September 5, 2019 8:00 AM
Thursday, April 18, 2019 9:51 PM
All replies
-
Hi Pie,
We have an application which connects to ADFS for intranet-based access. It always throws WIA. Our expectation is form-based authentication. In the global settings both WIA and FBA are checked, and it is in WS-Federation mode.
In your post:
As long as the RP does not specify FBA explicitly in its redirect, the user will have to do WIA internally
Does this mean there is a configuration that can be applied to a relying party so that it always works with FBA?
Or, at the application level, when we call the ADFS URL, do we need to send a parameter telling ADFS to show the FBA screen instead of WIA mode?
We need your support and help. Could you share any link on setting FBA for a particular relying party, or on how to tell ADFS at the coding level to always open the FBA login?
Thursday, April 25, 2019 6:33 AM -
Hello
Below is just an extract of what the Relying Party (application) should include in the RST (Request for Security Token) to ADFS:
WS-Federation
authenticationType="urn:oasis:names:tc:SAML:1.0:am:password"
SAML 2.0 Protocol
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
Thursday, April 25, 2019 11:05 AM -
Hi Moloko Velocette,
Thanks. How and where will they add this? Can you please show it in a screenshot, since we are app developers?
A screenshot would be helpful for updating this in the ADFS configuration. One more thing: in ADFS they have enabled WS-Federation.
Thursday, April 25, 2019 11:53 AM -
Hello Isaac,
WIA will be applied for internal/internet; however, both (Form & WIA) are enabled for internal/intranet.
Which will be applied first?
Regards
Aamir Masthan
NA
Monday, April 29, 2019 2:21 PM -
Hello Isaac,
What if both WIA and form-based are enabled in the intranet: which one will be applied first and which one will be the fallback?
NA
Thursday, May 16, 2019 12:38 PM -
If they are using IIS then this is a setting in web.config in the <wsFederation> tag.
Thursday, May 16, 2019 6:31 PM
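
The web.config setting referred to in the last reply, as an added example that is not part of the original thread. It assumes the relying party is an ASP.NET application using the .NET 4.5 `System.IdentityModel.Services` WS-Federation module; the `issuer` and `realm` values are hypothetical placeholders.

```xml
<!-- Added example: relying-party web.config fragment (not from the thread). -->
<!-- Assumes the system.identityModel.services config section is already
     registered, as it is in a WIF-enabled ASP.NET 4.5 application. -->
<system.identityModel.services>
  <federationConfiguration>
    <!-- authenticationType is sent to AD FS as the WS-Federation "wauth"
         query parameter on the passive sign-in redirect. The password URI
         asks AD FS for forms-based authentication instead of WIA. -->
    <!-- issuer and realm below are placeholders: use the AD FS sign-in
         endpoint and the relying party identifier configured in AD FS. -->
    <wsFederation passiveRedirectEnabled="true"
                  issuer="https://adfs.example.com/adfs/ls/"
                  realm="https://app.example.com/"
                  authenticationType="urn:oasis:names:tc:SAML:1.0:am:password"
                  requireHttps="true" />
  </federationConfiguration>
</system.identityModel.services>
```

With this in place the sign-in redirect carries `wauth=urn:oasis:names:tc:SAML:1.0:am:password` (URL-encoded), which can be confirmed in the browser's network trace; forms authentication must still be enabled for the intranet in the AD FS global authentication policy.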