Display ADFS 2.0 Forms Authentication Login Page Instead of Windows Authentication Prompt
After installing ADFS 2.0 for SharePoint a Windows login prompt was shown when the SharePoint site forwarded to the ADFS server instead of the ADFS Forms Authentication login screen.
The reason for this is that the ADFS website tries to use Windows Authentication before trying to use the Forms authentication which displays the loging page below.
No matter what account I tried to use here I would eventually receive a 401 Not Auhorized error.
The reason for this is that the ADFS website tries to use Windows Authentication before trying to use the Forms authentication which displays the loging page below.
![]() |
Forms Login Screen for ADFS 2.0 |
To fix this do the following on the ADFS server:
1. Open IIS and Explore under Default Website\adfs\ls
2. Open the web.config file with Notepad, look for the localAuthenticationTypes section.
3. Move the line for Forms above the line for Integrated and save the web.config file. This will force the ADFS application to use the Login Page authentication before trying to use Windows Authentication.
Thanks for posting this - it fixed exactly the problem I was having in being able to show the difference between form-based authn and IWA.
ReplyDeleteBut now users that could use SSO with Windows Auth. get the Forms login too.
ReplyDeleteThis is no solution to mix.
This is set in the web.config, the wsFederation node: authenticationType.
ReplyDeleteThanks for the info! Never thought about the XML order being relavent.
ReplyDeleteI was actually having the inverse issue where internal users would get Integrated Auth and external would have Forms from the ADFS Proxy. Moving the basic before the forms on the Proxy gives them a similar experience.
Thanks!
hi ,
ReplyDeletei am getting an exception 404 not found
please help me to rresolve this, i have already done web config changes.
thanks
harminder datla
I want to add two pages for FormsSignIn
ReplyDeleteone is for normal browser, another is for mobile browser.
Can I add two in web.config
Hi Richard,
ReplyDeleteIs it possible for adfs server to use Forms authentication or we have to take adfs server proxy for Forms Authentication ?
Thanks in advance
Pradeep Kumar
AMAZING! So easy to do! Just so hard to find. I gave one more effort to find a solution this morning and landed on yours and it worked instantly. Thank you sooo much.
ReplyDeleteThanks.
ReplyDeleteThis wasn't my exact issue but got me going in the right direction on my issue.
it works perfectly. Thanks a lot
ReplyDeleteFantastic - 2 days of trying to figure this out and a guy gives me a link to this page and BANG! Sorted.
ReplyDeleteThanks for taking the time to document this so clearly.
Thank you so much. This helped me resolve my problem.
ReplyDeleteThanks Richard.
ReplyDeleteBy the way, is there a way we can have the signed in windows users auto-login to the websites?
Hi Richard,
ReplyDeleteIf I use below snippet in config() method of spring security configuration, will it be work for me as well?
-> http.formLogin().loginPage("/saml/login");
Without fail, your writing style is top professional; even your website also looks amazing thank you for posting. www.hotmail.com entrar
ReplyDeleteWhat a post on ADFS. You have explained it in a way that everyone can get the solution for ADFS. I will often visit your website for the more blog posts. Thank you.
ReplyDeleteThe client can undoubtedly make the "entertaining" sends, letters advances and pamphlets, ie. the immaterial stuff, available by means of semi-login. hotmail sign in
ReplyDeleteHe can't get to different sends or change any record data. The client can choose what all things can be gotten to and changed when in semi login. hotmail
ReplyDelete