Presenting customized ADFS pages

  • Question

  • Hello,

    I am wondering if it is possible within ADFS (running Server 2012 R2 with WAP) to present a custom message/page based on claims criteria.

    The idea being if the user logs in and then the relying party claims are generated but the user does not meet the claim to access the relying party, can it then display or send the user to a customized page?

    Thanks.

    Thursday, March 10, 2016 9:12 PM

Answers

  • You cannot customize based on the value of a claim for the user.

    You can customize the error messages but those will not be contextualized with users' information. What you can also do, if you have a WS-Fed trust, is configure a custom error message if a user did not have access because of your issuance authorization rules.

    See the section Custom Error Messages of this article: https://technet.microsoft.com/en-us/library/dn280950.aspx


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, March 11, 2016 1:26 AM
  • Hi Pierre,

    Thanks for the reply. The part you mentioned about customizing WS-Fed trust if the user does not have access based on authorization rules, would that be this commandlet here?

    Set-AdfsRelyingPartyWebContent -Name fedpassive -ErrorPageAuthorizationErrorMessage "<p> You need to be a member of Security Auditors to access this site. Click <A href='http://accessrequest/'>here</A> for more information.</p>"

    Friday, March 11, 2016 2:39 PM

  • Yep, that will be this.

    Note that if you want to add a link in your message and if your ADFS environment is also available from the Internet through some WAP servers, keep in mind that they will not be able to reach a short name; they will need a routable FQDN.



    Friday, March 11, 2016 3:08 PM
  • Thanks again Pierre.
    Friday, March 11, 2016 3:32 PM
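
The check and the cmdlet call discussed in this thread, combined as an added example that is not code from any of the posters. It assumes it runs on the ADFS server with the ADFS PowerShell module loaded; the function name Get-NonRoutableLink and the host accessrequest.example.com are hypothetical placeholders.

```powershell
# Added example: refuse to publish an authorization error message whose links
# use a short host name, because users arriving through WAP cannot resolve it.
function Get-NonRoutableLink {
    param([Parameter(Mandatory)][string]$Html)

    # Pull every href value out of the message, single or double quoted.
    $hrefs = [regex]::Matches($Html, "href\s*=\s*['""]([^'""]+)['""]", 'IgnoreCase') |
        ForEach-Object { $_.Groups[1].Value }

    foreach ($href in $hrefs) {
        $uri = $null
        $isAbsolute = [System.Uri]::TryCreate($href, [System.UriKind]::Absolute, [ref]$uri)
        # A short name such as "accessrequest" has no dot in the host part, so it
        # only resolves through an internal DNS suffix search list.
        if (-not $isAbsolute -or $uri.Host -notmatch '\.') {
            $href   # emit the offending link
        }
    }
}

$rpName  = 'fedpassive'   # relying party trust name used in the thread
# Constructed message: same wording as the thread, link changed to a placeholder FQDN.
$message = "<p>You need to be a member of Security Auditors to access this site. " +
           "Click <a href='https://accessrequest.example.com/'>here</a> for more information.</p>"

$bad = @(Get-NonRoutableLink -Html $message)
if ($bad.Count -gt 0) {
    throw "Links without a routable FQDN: $($bad -join ', ')"
}

Set-AdfsRelyingPartyWebContent -Name $rpName -ErrorPageAuthorizationErrorMessage $message

# Read the web content back to confirm what the sign-in pages will render.
Get-AdfsRelyingPartyWebContent -Name $rpName | Format-List
```

The check only looks at the shape of the host name; it does not confirm that the FQDN is published in external DNS.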