How do I integrate ADFS 2.0 with Windows authentication?
This document describes how to configure Active Directory and Active Directory Federation Service (ADFS) Version 2.0 to use Windows Authentication with MangoApps, so that users are logged in with their Microsoft Windows logon and are not prompted for credentials.
Prerequisite: AD FS Version 2.0 is installed and configured with the MangoApps domain as a Relying Party Trust.
The information in this document is based on these software and hardware versions. The hostnames mentioned below will change as per your environment:
ADFS Version 2.0 (Hostname: openadfs.mangopulse.com)
MangoApps (Hostname: siddwopi.engageexpress.com)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
1) In IIS Manager, select Windows Authentication and click Advanced Settings in the right pane. In Advanced Settings, uncheck Enable Kernel-mode authentication, make sure Extended Protection is Off, and click OK.
2) Ensure that ADFS Version 2.0 supports both the Kerberos protocol and the NT LAN Manager (NTLM) protocol, because non-Windows clients cannot use Kerberos and rely on NTLM. In the right pane, select Providers and make sure Negotiate and NTLM are present under Enabled Providers.
3) Configure Browser:
Ensure that Internet Explorer > Advanced > Enable Integrated Windows Authentication is checked.
4) Add the ADFS URL under Security > Intranet zones > Sites.
5) Add the MangoApps hostnames to Security > Trusted sites.
6) Ensure that Internet Explorer > Security > Local Intranet > Security Settings > User Authentication – Logon is configured to use the logged-in credentials for intranet sites.
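The server-side settings from steps 1 and 2 can also be checked offline against an exported IIS applicationHost.config. The following is an added example, not part of the original article or of MangoApps tooling; the location path `Default Web Site/adfs/ls`, the sample fragment and the function name `audit_windows_auth` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an applicationHost.config fragment for an assumed
# ADFS sign-in application path. Not taken from the article's lab servers.
SAMPLE_CONFIG = """
<configuration>
  <location path="Default Web Site/adfs/ls">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" useKernelMode="true">
        <extendedProtection tokenChecking="Allow" />
        <providers>
          <add value="Negotiate" />
        </providers>
      </windowsAuthentication>
    </authentication></security></system.webServer>
  </location>
</configuration>
"""

SECTION = "system.webServer/security/authentication/windowsAuthentication"
def audit_windows_auth(config_xml, location_path):
    """Return a list of deviations from steps 1 and 2 for one <location>."""
    root = ET.fromstring(config_xml)
    loc = next((l for l in root.iter("location")
                if l.get("path", "").lower() == location_path.lower()), None)
    if loc is None:
        return ["no <location> entry for " + location_path]
    auth = loc.find(SECTION)
    if auth is None:
        return ["windowsAuthentication is not configured at this location"]
    findings = []
    if auth.get("enabled", "false").lower() != "true":
        findings.append("Windows Authentication is not enabled")
    # The IIS schema default for useKernelMode is true, so absence counts as on.
    if auth.get("useKernelMode", "true").lower() != "false":
        findings.append("Kernel-mode authentication is still enabled")
    ep = auth.find("extendedProtection")
    token = ep.get("tokenChecking", "None") if ep is not None else "None"
    if token != "None":
        findings.append("Extended Protection is " + token + ", expected Off (None)")
    # Only providers listed at this location are read; inherited ones are not resolved.
    providers = [a.get("value", "").lower() for a in auth.findall("providers/add")]
    for wanted in ("negotiate", "ntlm"):
        if wanted not in providers:
            findings.append(wanted + " is missing from the providers listed here")
    return findings

if __name__ == "__main__":
    for line in audit_windows_auth(SAMPLE_CONFIG, "Default Web Site/adfs/ls"):
        print("DEVIATION:", line)
```

An empty result means the location matches the settings described in steps 1 and 2.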
Troubleshooting ADFS:
If Windows authentication isn't working, check the event log on the ADFS side. It may give insight into the cause.
If the error in the event log is “MSIS7102: Requested Authentication Method is not supported on the STS.”, refer to this article to update the ADFS configuration: https://social.technet.microsoft.com/Forums/en-US/5f77b787-03ca-458a-a3bd-d1ddb9ed6c4d/sp-initiated-saml-session-not-working-externally?forum=ADFS