ADFS and Windows Integrated Authentication
 




Forum Index -> microsoft.public.windows.server.active_directory

odf
Guest
Posted: Thu May 11, 2006 9:04 pm    Post subject: ADFS and Windows Integrated Authentication

We have the ADFS step-by-step sample installed in our test lab. We've added
an FSP in both domains. The question we have is how do you get pass-through
authentication to work if the client is already logged into the adatum
domain? We've tried using the alternate login pages on the FSP but get an
error message "LogonClient was called with the anonymous WindowsIdentity.
This may indicate that anonymous authentication has been enabled for this
page". We've tried using Integrated Security instead of anonymous on the FSP
web site but then get an error saying ADFS does not work with Integrated
Authentication. Just to clarify, we make a request to the web site in the
treyresearch domain, treyresearch proxy sends us to the adatum proxy to
authenticate, we select our realm and are presented with a form login page.
We hope to avoid this page when the client, FSP, and FS server are all in the
same domain. The IE settings on the client already allow for "Integrated
Windows Authentication" and the proxy server is in the trusted sites zone.

Thanks
--
odf

Kidem
Guest
Posted: Thu May 11, 2006 9:57 pm    Post subject: Re: ADFS and Windows Integrated Authentication

Integrated Windows authentication doesn't pass through proxies, I thought???

odf
Guest
Posted: Thu May 11, 2006 10:19 pm    Post subject: Re: ADFS and Windows Integrated Authentication

Are you saying that if we didn't have an FSP in the adatum (account side)
Windows Integrated Authentication would work for the client?
--
odf


odf
Guest
Posted: Thu May 11, 2006 10:43 pm    Post subject: Re: ADFS and Windows Integrated Authentication

It appears you are correct about the proxy. We removed it on the account
side and Windows Integrated Authentication worked. How do you handle a
situation where employees connect at work and at home? At home they will not
be allowed the whole way into the Federation Server (FS) and it is
recommended that the FS is not in the DMZ.
--
odf


All times are GMT