Display ADFS 2.0 Forms Authentication Login Page Instead of Windows Authentication Prompt

After installing ADFS 2.0 for SharePoint a Windows login prompt was shown when the SharePoint site forwarded to the ADFS server instead of the ADFS Forms Authentication login screen. 



No matter what account I tried to use here I would eventually receive a 401 Not Auhorized error.




The reason for this is that the ADFS website tries to use Windows Authentication before trying to use the Forms authentication which displays the loging page below.


Forms Login Screen for ADFS 2.0


To fix this do the following on the ADFS server:

1. Open IIS and Explore under Default Website\adfs\ls


2. Open the web.config file with Notepad, look for the localAuthenticationTypes section.



3. Move the line for Forms above the line for Integrated and save the web.config file.  This will force the ADFS application to use the Login Page authentication before trying to use Windows Authentication.


 

Comments

Superpat said…
Thanks for posting this - it fixed exactly the problem I was having in being able to show the difference between form-based authn and IWA.
March 25, 2011 at 2:11 PM
Job Vermeulen said…
But now users that could use SSO with Windows Auth. get the Forms login too.

This is no solution to mix.
May 9, 2011 at 6:08 AM
Dude said…
This is set in the web.config, the wsFederation node: authenticationType.
July 22, 2011 at 8:57 AM
Anonymous said…
Thanks for the info! Never thought about the XML order being relavent.

I was actually having the inverse issue where internal users would get Integrated Auth and external would have Forms from the ADFS Proxy. Moving the basic before the forms on the Proxy gives them a similar experience.

Thanks!
August 15, 2011 at 6:55 PM
harminder datla said…
hi ,

i am getting an exception 404 not found
please help me to rresolve this, i have already done web config changes.

thanks
harminder datla
September 14, 2011 at 2:26 PM
Unknown said…
I want to add two pages for FormsSignIn
one is for normal browser, another is for mobile browser.
Can I add two in web.config
November 23, 2011 at 5:24 PM
Pradeep Kumar said…
Hi Richard,

Is it possible for adfs server to use Forms authentication or we have to take adfs server proxy for Forms Authentication ?

Thanks in advance
Pradeep Kumar
December 12, 2011 at 8:48 AM
Jeff Kyker said…
AMAZING! So easy to do! Just so hard to find. I gave one more effort to find a solution this morning and landed on yours and it worked instantly. Thank you sooo much.
March 5, 2012 at 11:32 AM
Eugene said…
Thanks.

This wasn't my exact issue but got me going in the right direction on my issue.
April 5, 2012 at 1:05 AM
yahoo said…
it works perfectly. Thanks a lot
March 6, 2013 at 1:37 AM
Simon de Lisle said…
Fantastic - 2 days of trying to figure this out and a guy gives me a link to this page and BANG! Sorted.

Thanks for taking the time to document this so clearly.
May 23, 2014 at 2:12 AM
Amogh Natu said…
Thank you so much. This helped me resolve my problem.
March 15, 2015 at 11:03 AM
翁哲 said…
Thanks Richard.

By the way, is there a way we can have the signed in windows users auto-login to the websites?
March 1, 2016 at 12:39 AM
Post a Comment

Popular posts from this blog

Add User As Local Administrator On Domain Controller

I recently was settting up a new Microsoft SharePoint 2010 machine and had promoted the machine to a domain controller before creating my SharePoint admin accounts.  I needed to add several of my accounts to the local Administrators group.  Unfortunately after you promote a server to a domain controller you can no longer access the GUI for Local Users and Groups.  Instead I had to use the command line to add the users.

Open a command promt using the "Run as administrator" function and then run the following command.

net localgroup Administrators /add {domain}\{user}

Note: do not include the {} brackets.
Read more

An error occurred while applying security information to

While attempting to move files from a hard drive I recovered I kept getting the following error on a specific set of files.

An error occurred while applying security information to
{G:\Folder}
Failed to enumerate objects in the container. Access is denied.

In order to fix it did the following.

-Open a Command Prompt "As Administrator"

-Run the following commands:

takeown /f G:\folder/r /d y
icacls G:\folder /grant administrators:F /T
Read more