im running into an issue with passing logged in user credentials through internal ADFS to external website without being prompted for credentials. I added the site into the trusted sites, set the "automatic logon with current username and pass", made sure the settings in "advanced" was correct. but no matter what i change, im still being promoted with the ADFS login page.
any ideas??
ADFS does not pass credentials.
In order to achieved Sigle Sign On for an internal application you will need:
Configure the application to use Federation and to point/redirect ADFS for authentication.
Configure a Replying Party Trust for the application in ADFS.
Confirm that Windows Integrated Authentication is configured on the primary authentication policy.
Confirm that the ServicePrincipalName of the farm is set on the service account and only on the service account.
Make sure the client is domain joined and have the URL of the ADFS server (not the application) in either the Trusted Site List or the Intranet Site List.
Make sure the useragentstring of the browser is listed in the list of supported UAS for Windows Integrated Authentication (example for Chrome available here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia#configuring-wia-for-chrome).
this is for a "cloud" hosted service, so it is an external site/application
6 people are following this question.
