locked
ADFS SSO over Trust RRS feed

  • Question

  • Dear All. We use Zscaler cloud proxy in our environment. We have ADFS configured for SSO. ADFS is configured in Server 2012 R2 (ADFS 3.0) . ADFS server is a member of the domain X.com. We have another domain Y.com and there is a two way trust between each other. The scenarios users in X.com can enjoy the SSO and its automatically getting authenticated where as  users in Y.com are prompted for password and even if manually entered it doesn't go through. I opened one of the user in Y.com's IE settings and unchecked the "enabled integrated authentication" and its working. How to fix this issue that both the domain users must experience SSO without any issue.

    Regards

    Anoop


    Anoop

    Friday, November 18, 2016 5:54 PM

All replies

  • Please note that I've added sts.domainx.com to the Internet Explorer Intranet zone, confirmed that "Enable Windows Integrated Authentication" is enabled, confirmed that automatic logon is enabled for the intranet zone

    Anoop

    Friday, November 18, 2016 6:28 PM
  • Is there an HTTP proxy config on that side?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, November 18, 2016 6:43 PM
  • No. 

    Anoop

    Friday, November 18, 2016 7:16 PM
  • Well, then a fiddler trace (sanitized of with a test user) might help :)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, November 18, 2016 10:30 PM
  • Any update?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, November 25, 2016 8:18 PM