ADFS Authentication using ADAL never requires user to enter credentials RRS feed

  • Question

  • Good day - 

    We are running ADFS 3 on Windows Server 2012 R2, and using the ADAL libraries to retrieve an authentication token from ADFS for our custom application.  The application is an internal LOB application, and all users are internal users who are logged onto AD through when using the application.

    The behaviour I am seeing is that, when authentication is triggered for the Web API, a browser Window flashes up but never pauses to force the user to authenticate - ADFS just responds with a token for the user.  I expected the users to have to authenticate at least immediately after a password change.

    Is this expected behaviour, and why?  Is it still expected behaviour of the Web API is a custom .NET service, not O365?  This answer is to a different question, but implies that in this situation IWA will be used unless ADFS is configured to force FBA.  I am looking for confirmation that this is the case when Office 365 is not involved?



    Peter Wood

    Wednesday, February 1, 2017 6:34 AM