locked
Form log-in takes precedance over windows integrated authentication on Intranet for a specific RP in ADFS 3.0 RRS feed

  • Question

  • Hi,

    I have configured a SAP application for SAML SSO via ADFS 3.0. I have enabled form log-in for extranet and enabled WIA & Form login for Intranet. All other relying parties are working just fine. But while accessing this SAP application on office network ( Intranet), form log-in is always taking precedence over WIA and users are always prompted with the form to enter the credentials. If I disable form log-in on ADFS, the WIA works seamlessly and users able to access the application via WIA. But when both WIA & form log-in are enabled, ADFS 3.0 always gives the form to user. I need to set WIA as first preference and fall back as Form for Intranet for this RP.

    Any help will be highly appreciated.

    Regards,

    JRD


    Monday, November 27, 2017 1:01 PM

All replies

  • Hello, are you making this setting at the global level  or at the SAP Relying Party Trust only? If not, probably want to check the settings at the RP level because if that is set differently then it might be an issue. Do you see this accross all browsers -IE, FF, Chrome, etc?

    Isaac Oben MCITP:EA, MCSE,MCC <a href="https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard"> View my MCP Certifications</a>

    Friday, December 1, 2017 7:11 AM
  • Hello Isaac,

    The authentication policy is defined at global level. I don't see any settings to configure WIA/form log-in at RP level. I can only see one option at RP level " users are required to provide credentials each time at sign in" and this is unchecked. Do we have any customization available at RP level which can configure or prioritize WIA over Form ?

    Regards,

    JRD

    Tuesday, December 5, 2017 5:28 AM
  • Click on the authentication policies, then select the relying party app propperties and make sure the always require password to login is unchecked.

    Hope this helps,


    Isaac Oben MCITP:EA, MCSE,MCC <a href="https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard"> View my MCP Certifications</a>

    Wednesday, December 6, 2017 6:38 AM
  • As I mentioned in my previous post, its already disabled. Do we have any other configs available to check the authentication priorities ?
    Wednesday, December 6, 2017 7:36 AM