This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

ADFS 2016 : Direct URL with specific AuthenticationPolicy ?

Question
0

Sign in to vote

Hi everyone,

Already play with a while to construct specific ADFS url with HTTP GET settings like RedirectToIdentityProvider and logintorp, for permit have correct redirection, bypass some screen question and going directly to the webapp.

I'm actually try to find a way to get a direct URL for use a specific Authentication Policy. For example, I enable Forms and Azure MFA as primary authentication (or even x509 etc..), and like some app having conditional access based on authentification type, the user need to click on specific authentication link behind the forms.

My goal, is to provide an URL where users can go directly to the target authentication method.

Someone know if it's possible, and if yes what is the correct GET (or whatever) to do ?

I see that for Azure Primary Authentication, when user click the self page is refresh with a POST AuthMethod with value AzurePrimaryAuthentication. It's doesn't work as a GET, only POST. (I don't want to have an intermediate page for push this POST settings)

Thank you,
Alex

GIRAUD Alexandre - MVP Forefront France http://www.alexgiraud.net/blog Note : Si ma réponse vous a été utile, ou apporté une résolution; merci de voter ou de la marquer comme réponse.

Saturday, April 22, 2017 9:21 AM

All replies

0

Sign in to vote
This isn't really in the URL itself. Although you can force a re-auth with prompt=login (the old way was wauth=password I think). That is something to decide at the application level, in the configuration of the trust between the app and your ADFS farm.
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Proposed as answer by Michael Rowe (NZ) Sunday, April 30, 2017 2:32 AM
- Unproposed as answer by GIRAUD Alexandre - MVP Forefront - 3SR Saturday, May 6, 2017 6:10 PM
Monday, April 24, 2017 6:50 PM
0

Sign in to vote

Hi paul,

Thank for your response, and i see what you mean. But in my case, it will not work cause it's just an OWA 2007 webpage. So I can't add this custom on application level.

I was just able to set a conditional access in ADFS, to not authorize access if using simple login and so, only authorize users with AzurePrimaryAuthentication.

Are there any documentation about all GET settings that we can use with ADFS ? only found some blog explain some, but not yet a global article who can detail all

Alex
GIRAUD Alexandre - MVP Forefront France http://www.alexgiraud.net/blog Note : Si ma réponse vous a été utile, ou apporté une résolution; merci de voter ou de la marquer comme réponse.

Saturday, May 6, 2017 6:10 PM