Customizing HRD

Question
-
Hello,
I am trying to set up ADFS to bypass HRD for intranet and found the following note from MS:
Please note that if an identity provider list for a relying party has been configured, even though the previous setting has been enabled and the user accesses from the intranet, AD FS still shows the home realm discovery (HRD) page. To bypass HRD in this case, you have to ensure that "Active Directory" is also added to the IDP list for this relying party.
Do you guys know how to add Active Directory to the IDP list?
Thank you
- Split by Pierre Audonnet [MSFT] (Microsoft employee) Thursday, May 19, 2016 9:39 PM new question, new thread
Thursday, May 19, 2016 9:25 PM
Answers
-
Never did find a really good way for this.. this worked for us for a specific use case, but it has its own issues (e.g. it's global, privacy settings can suppress)..
http://blog.auth360.net
- Edited by Mylo Friday, May 20, 2016 3:07 PM
- Proposed as answer by Pierre Audonnet [MSFT] (Microsoft employee) Tuesday, May 24, 2016 10:39 PM
- Marked as answer by Pierre Audonnet [MSFT] (Microsoft employee) Monday, June 13, 2016 9:00 PM
Friday, May 20, 2016 3:06 PM -
This article gives an example: https://technet.microsoft.com/en-us/library/dn280950.aspx
So let's say you have 2 IDPs: "Active Directory" and "Trusted IDP". If you configure your RP to always use "Trusted IDP" AND if you configure the bypass of HRD for local users, then you set yourself in a situation where the local user can't access the RP. Therefore internal clients are prompted to know where you are coming from instead of just breaking. In that case you would add AD in the list such as:
Set-AdfsRelyingPartyTrust -TargetName claimapp -ClaimsProviderName @("Fabrikam","Active Directory")
Now it kinda defeats the purpose of your first setting...
Tell us more about your configuration!
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Proposed as answer by Pierre Audonnet [MSFT] (Microsoft employee) Tuesday, May 24, 2016 10:39 PM
- Marked as answer by Pierre Audonnet [MSFT] (Microsoft employee) Monday, June 13, 2016 9:00 PM
Thursday, May 19, 2016 9:47 PM
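An added example, not part of the thread or of the linked Microsoft article: a PowerShell check that reports relying party trusts whose claims provider list is set but omits "Active Directory", the case the note in the question says still shows the HRD page to intranet users. The function name Get-HrdBypassGap and the sample trusts are hypothetical; the commented lines at the end assume the AD FS PowerShell module on a federation server.

```powershell
# Added example (not the thread's code). Get-HrdBypassGap is a hypothetical helper.
function Get-HrdBypassGap {
    param(
        [Parameter(Mandatory)] [object[]] $RelyingPartyTrust,
        [string] $LocalProvider = 'Active Directory'
    )
    foreach ($rp in $RelyingPartyTrust) {
        # Normalise to an array and drop null/empty entries.
        $idps = @($rp.ClaimsProviderName | Where-Object { $_ })

        # No per-RP IdP list: nothing restricts this RP, so it is not the
        # case described in the note.
        if ($idps.Count -eq 0) { continue }

        # A list is configured but the local provider is missing: intranet
        # users still get the HRD page for this RP.
        if ($idps -notcontains $LocalProvider) {
            [pscustomobject]@{
                Name               = $rp.Name
                ClaimsProviderName = $idps -join ', '
                Proposed           = $idps + $LocalProvider
            }
        }
    }
}

# Constructed sample objects carrying only the two properties the check reads.
$sample = @(
    [pscustomobject]@{ Name = 'claimapp'; ClaimsProviderName = @('Fabrikam') },
    [pscustomobject]@{ Name = 'hrportal'; ClaimsProviderName = @('Fabrikam', 'Active Directory') },
    [pscustomobject]@{ Name = 'wiki';     ClaimsProviderName = @() }
)
Get-HrdBypassGap -RelyingPartyTrust $sample | Format-Table Name, ClaimsProviderName

# On an AD FS server (assumption: AD FS module available, run elevated):
#   (Get-AdfsProperties).IntranetUseLocalClaimsProvider   # is the intranet bypass on?
#   Get-HrdBypassGap -RelyingPartyTrust (Get-AdfsRelyingPartyTrust) | ForEach-Object {
#       # -WhatIf previews the change; each RP's IdP list is an access decision,
#       # so review every proposed list before removing -WhatIf.
#       Set-AdfsRelyingPartyTrust -TargetName $_.Name -ClaimsProviderName $_.Proposed -WhatIf
#   }
```

With the constructed sample only claimapp is reported, since hrportal already lists "Active Directory" and wiki has no IdP list at all.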
All replies
-
Any updates? Do you need more info?
Thursday, May 26, 2016 2:01 PM