ADFS 2.2外部用户的Internet Explorer登录提示 [英] ADFS 2.2 Internet explorer login prompt for external users
问题描述
嘿所有,
我正在使用2 ADFS 2.2 Server 2012 R2测试设置。
ADFS1
ADFS2
名为adfs.myCompany.com
我通过反向代理/负载均衡器(硬件)发布服务器和端点
https://adfs.myCompany.com/adfs/ls/IdpInitiatedSignon.aspx,可以访问。通过防火墙规则NAT'd有一个外部DNS条目。
现在,这很奇怪,当我在网络之外时,就像在非域名加入时一样,我使用chrome或firefox,我得到一个表单进行身份验证。这很好,但是Internet Explorer会弹出一个登录对话框。
这不是预期的行为。这是因为我没有在单独的盒子上使用Web代理角色,或者我错过了我的配置中的内容。
Rob
Rob
多数民众赞成可能是因为您将ADFS配置为执行默认的Windows集成身份验证(WIA)(Curb / ntlm),这确实会从非域加入的设备提供弹出窗口。
因为Chrome和Firefox不是ADFS支持的代理列表中的默认值,因此ADFS不会为它执行WIA并为它们提供基于表单的身份验证。您可以将带有PowerShell的Chrome和Firefox添加到ADFS配置:
http://social.msdn.microsoft.com/Forums/vstudio/en-US / 3834f6b8-7078-4169-81e0-8f4fbdc08490 /广告-FS-30-火狐和 - 铬没有集成 - 窗口鉴别?论坛=日内瓦
Hey All,
I am testing a setup with 2 ADFS 2.2 Server 2012 R2.
ADFS1
ADFS2
named adfs.myCompany.com
I have the servers published via a reverse proxy/load balancer (hardware) and the endpoint
https://adfs.myCompany.com/adfs/ls/IdpInitiatedSignon.aspx , is reachable. There is an external DNS entry NAT'd via a firewall rule.
Now, this is strange, when i am outside the network, as in non domain joined, and I use chrome or firefox, I get a form to authenticate on. That is great, but internet explorer pops up a login dialog box.
This is not an expected behaviour. Is this becuase I am not using the web proxy role on seperate boxes, or have i missed something in my configuration.regards,
Rob
Rob
Thats probably because you configured ADFS for doing default Windows Intergrated Authentication(WIA)(Kerb/ntlm), that will give a popup indeed from a non domain joined device.
Because Chrome and Firefox are not default in the ADFS supported agent lists and thus ADFS won't do WIA for it and gives them form based authentication. You can add Chrome and Firefox with powershell to the ADFS configuration: http://social.msdn.microsoft.com/Forums/vstudio/en-US/3834f6b8-7078-4169-81e0-8f4fbdc08490/ad-fs-30-firefox-and-chrome-no-integrated-windows-authentification?forum=Geneva
这篇关于ADFS 2.2外部用户的Internet Explorer登录提示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
