Prevent Home Realm Discovery page for internal users

  • Question

  • Hello,

    I'm using many IDPs (ADFSClaimsProviderTrusts) for one Relying Party (ADFSRelyingPartyTrust).

    One of providers is our internal Active Directory.

    Case 1

    - I enable Integrated Windows Authentication(IWA)
    - RP configured with Active Directory Provider only
    => Application works fine, without HRD page

    Case 2

     - I enable IWA
     - RP configured with Active Directory and third party LDAP provider
    => I must choose a directory, which I don't want

    Case 3

     - I enable IWA
     - RP configured with Active Directory and third party LDAP provider
     - I configure "organizationalAccountSuffix" parameter on Providers trust
     - the IntranetUseLocalClaimsProvider parameter is set to "True"
    => from external: I give login, next password, and it works fine for all users
    => from internal users: I must give login. If @internaldomain.com, IWA works, and I'm logged on.
    How can I prevent the login page for internal users?

    Thanks


    Jean-Luc CHANDEZON [MCT]

    Thursday, April 4, 2019 3:54 PM

Answers

  • I changed ADFS version from 2016 to 2019.

    I changed parameter for ADFSServer:

    Set-AdfsProperties -IntranetUseLocalClaimsProvider $false

    I changed external authentication method parameter on ADFS server:

    Set-AdfsGlobalAuthenticationPolicy -AllowAdditionalAuthenticationAsPrimary $true

    Consequently, you can see a new form page, similar to HRD page. When typing a third-party @mail, everything is ok.


    Jean-Luc CHANDEZON [MCT]

    • Marked as answer by Jean-LucCh Tuesday, July 2, 2019 12:31 PM
    Tuesday, July 2, 2019 12:31 PM
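
The two changes from the answer above, wrapped in a before/after snapshot so the previous values are on record and the result can be checked. This is an added example, not part of the original post; it assumes an elevated session on the primary AD FS 2019 server, and the function name `Get-HrdSnapshot` and the backup file name are hypothetical.

```powershell
Import-Module ADFS

# Collect every setting from this thread that influences Home Realm Discovery.
function Get-HrdSnapshot {
    $props  = Get-AdfsProperties
    $policy = Get-AdfsGlobalAuthenticationPolicy
    [pscustomobject]@{
        IntranetUseLocalClaimsProvider         = $props.IntranetUseLocalClaimsProvider
        AllowAdditionalAuthenticationAsPrimary = $policy.AllowAdditionalAuthenticationAsPrimary
        # Suffixes drive the choice of provider from the typed login name.
        ClaimsProviders = @(Get-AdfsClaimsProviderTrust |
            Select-Object Name, Enabled, OrganizationalAccountSuffix)
        # An LDAP directory registered as a local claims provider trust is listed here.
        LocalClaimsProviders = @(Get-AdfsLocalClaimsProviderTrust |
            Select-Object Name, Enabled, OrganizationalAccountSuffix)
        # Providers each relying party is restricted to (empty means all).
        RelyingParties = @(Get-AdfsRelyingPartyTrust |
            Select-Object Name, ClaimsProviderName)
    }
}

# 1. Record the current state so the change can be reverted by hand.
$before = Get-HrdSnapshot
$before | ConvertTo-Json -Depth 4 |
    Set-Content -Path .\adfs-hrd-before.json -Encoding UTF8   # hypothetical file name

# 2. Apply the two settings given in the answer.
Set-AdfsProperties -IntranetUseLocalClaimsProvider $false
Set-AdfsGlobalAuthenticationPolicy -AllowAdditionalAuthenticationAsPrimary $true

# 3. Re-read the configuration and show what actually changed.
$after = Get-HrdSnapshot
foreach ($name in 'IntranetUseLocalClaimsProvider',
                  'AllowAdditionalAuthenticationAsPrimary') {
    '{0}: {1} -> {2}' -f $name, $before.$name, $after.$name
}

# 4. List the providers and their suffixes for review.
$after.ClaimsProviders + $after.LocalClaimsProviders |
    Format-Table Name, Enabled, OrganizationalAccountSuffix -AutoSize
```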