Customizing HRD

  • Question

  • Hello,

    I am trying to set up ADFS to bypass HRD for the intranet and found the following note from MS:

    Please note that if an identity provider list for a relying party has been configured, even though the previous setting has been enabled and the user accesses from the intranet, AD FS still shows the home realm discovery (HRD) page. To bypass HRD in this case, you have to ensure that "Active Directory" is also added to the IDP list for this relying party. 

    Do you guys know how to add Active Directory to the IDP list?

    Thank you


    Thursday, May 19, 2016 9:25 PM

Answers

  • Never did find a really good way for this. This worked for us for a specific use case, but it has its own issues (e.g. it's global, privacy settings can suppress).


    http://blog.auth360.net


    Friday, May 20, 2016 3:06 PM
  • This article gives an example: https://technet.microsoft.com/en-us/library/dn280950.aspx

    So let's say you have 2 IDPs: "Active Directory" and "Trusted IDP". If you configure your RP to always use "Trusted IDP" AND if you configure the bypass of HRD for local users, then you set yourself in a situation where the local user can't access the RP. Therefore internal clients are prompted to know where you are coming from instead of just breaking. In that case you would add AD to the list, such as:

    Set-AdfsRelyingPartyTrust -TargetName claimapp -ClaimsProviderName @("Fabrikam","Active Directory")

    Now it kinda defeats the purpose of your first setting...

    Tell us more about your configuration!


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, May 19, 2016 9:47 PM
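    An added check, not from the thread or from Microsoft, that lists every relying party whose per-RP IDP list omits the local claims provider and so would still show HRD to intranet users even with the bypass enabled. It assumes the ADFS PowerShell module and the property names IntranetUseLocalClaimsProvider (from Get-AdfsProperties) and ClaimsProviderName (as used with Set-AdfsRelyingPartyTrust above); "claimapp" and "Fabrikam" are only the example values from the thread.

```powershell
# Added example (not from the thread): audit relying party trusts whose
# per-RP claims provider list keeps HRD visible to intranet users even
# when IntranetUseLocalClaimsProvider is on. Run in an elevated session
# on an AD FS server.
Import-Module ADFS

$props = Get-AdfsProperties
if (-not $props.IntranetUseLocalClaimsProvider) {
    Write-Warning "IntranetUseLocalClaimsProvider is off; intranet users always get the HRD page."
}

# The built-in local claims provider trust is named "Active Directory".
$localCp = "Active Directory"

# Only RPs with an explicit IDP list are affected; an empty list means
# "all claims providers", which already includes Active Directory.
$affected = Get-AdfsRelyingPartyTrust | Where-Object {
    $_.ClaimsProviderName -and ($_.ClaimsProviderName -notcontains $localCp)
}

foreach ($rp in $affected) {
    Write-Output ("{0}: IDP list [{1}] omits '{2}'; HRD still shown on intranet" -f
        $rp.Name, ($rp.ClaimsProviderName -join ", "), $localCp)
}

# Remediation: append the local claims provider while keeping the existing
# list (e.g. @("Fabrikam") becomes @("Fabrikam","Active Directory")).
# Set $Apply = $true only after reviewing the output above.
$Apply = $false
if ($Apply) {
    foreach ($rp in $affected) {
        $newList = @($rp.ClaimsProviderName) + $localCp
        Set-AdfsRelyingPartyTrust -TargetName $rp.Name -ClaimsProviderName $newList
    }
}
```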

All replies

  • Any updates? Do you need more info?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, May 26, 2016 2:01 PM