IE 11.0 Login issue/ADFS 3.0 RRS feed

  • Question

  • Hello ,

    I’ve deployed FS on windows server 2012R2 but I have three problems.

    First when I’m using IE to test https://adfs.ssolab.local/adfs/ls/IdpInitiatedSignon.aspx

    It doesn’t automatically send username and password,instead it pops up and asks me to enter my credential manually even though I have configured *.ssolab.local in my interanet zone sites and enabled IWA and auto logon on IE settings.

    The second problem is that when it promtps if I type ssolab\MYUSER or MYUSER@ssolab.local or just simply enter MYUSER it will fail, I must type \MYUSER to not getting the prompt back again, 

    Third problem is that after that I type \myuser to login at first I’ll get an http 400 error and after that I have to refresh the page to complete the login process!!!

    Has anyone faced this situation ever?Do you have any suggestions or solutions for me? 

    PS:Using FF and Chrome I'll be redirected to a form page to enter the username and password and there I can type MYUSER@ssolab.local or ssolab\MYUSER, in both cases I can login without any problem


    Live your life .

    Thursday, September 6, 2018 5:33 AM

All replies

  • IdPInitiadeSignon is working as expected, you should see a page where you can choose the application/SP you would like to sign on to. 

    Regarding the SSO thing, try to ass your federation-servicename to the local intranet zone instead of the wildcard you have added. Also check so you have not added it in "trusted sites".

    Third issue, check logs as IdP and SP side and see why they are throwing a http 400.

    Thursday, September 6, 2018 6:17 AM
  • Thanks for your response, the problem was the SPN and fixed with the below command:

    setspn -s HTTP/ADFS.SSOLab.local X

    which X is the username that I used in the wizard for configuring ADFS

    Live your life .

    • Proposed as answer by Jorrk Friday, September 7, 2018 6:07 AM
    Thursday, September 6, 2018 5:12 PM
  • OK, the wizard should take care of that by default if you do not have the same name on your federation service as hostname on the server itself. Never have conflicting name on servers and on your federation service.

    Thx for sharing the solution.

    Friday, September 7, 2018 6:07 AM
  • Exactly, The name of FS was the same as Server Hostname because I used the Certificate Enrollment to get my certificate from CA, and I think the SN/SAN that the enrollment uses is exactly my Server Hostname for getting a signed SSL certificate, thereby in the wizard the FS name would be the same as my Server Hostname. is that right? is there any ways to change that so then I can set my Federation Service name to something other than the Server Hostanem?

    Live your life .

    Friday, September 7, 2018 6:19 AM