Pass Windows credentials through ADFS for external site without being prompted?

Hall Jr, Rodney 1 Reputation point
2020-06-02T18:59:39.903+00:00

I'm running into an issue with passing logged-in user credentials through internal ADFS to an external website without being prompted for credentials. I added the site to the trusted sites, set the "automatic logon with current username and pass", and made sure the settings in "advanced" were correct. But no matter what I change, I'm still being prompted with the ADFS login page.

Any ideas?

Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.

1 answer

  1. Pierre Audonnet - MSFT 9,976 Reputation points Microsoft Employee
    2020-06-03T12:50:41.737+00:00

    ADFS does not pass credentials.

    In order to achieve Single Sign-On for an internal application you will need to:

    1. Configure the application to use Federation and to point/redirect to ADFS for authentication.
    2. Configure a Relying Party Trust for the application in ADFS.
    3. Confirm that Windows Integrated Authentication is configured on the primary authentication policy.
    4. Confirm that the ServicePrincipalName of the farm is set on the service account and only on the service account.
    5. Make sure the client is domain joined and has the URL of the ADFS server (not the application) in either the Trusted Site List or the Intranet Site List.
    6. Make sure the user agent string of the browser is listed in the list of supported UAS for Windows Integrated Authentication (example for Chrome available here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia#configuring-wia-for-chrome).
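
The server-side checks in steps 2, 3, 4 and 6 of the answer above can be verified from PowerShell on an AD FS server. This is an added example, not part of the original answer; the sample user agent string is constructed, both `HOST/` and `HTTP/` SPN classes are queried because the page does not say which one the farm uses, and the case-sensitive substring comparison is an assumption about how AD FS matches user agents.

```powershell
# Run in an elevated PowerShell session on an AD FS server (ADFS module required).
# Constructed sample value: replace with the User-Agent your browser actually sends.
$SampleUserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36'

$props  = Get-AdfsProperties
$policy = Get-AdfsGlobalAuthenticationPolicy

# Step 2: relying party trusts that exist and whether they are enabled
$trusts = Get-AdfsRelyingPartyTrust | Select-Object Name, Identifier, Enabled

# Step 3: Windows Integrated Authentication must be a primary intranet provider
$wiaEnabled = $policy.PrimaryIntranetAuthenticationProvider -contains 'WindowsAuthentication'

# Step 4: find every account holding an SPN for the farm name.
# Exactly one holder (the AD FS service account) is the expected result;
# a second holder means Kerberos tickets may be issued for the wrong account.
$farm = $props.HostName
$spnOutput  = foreach ($class in 'HOST', 'HTTP') { setspn.exe -Q "$class/$farm" }
$spnHolders = $spnOutput | Where-Object { $_ -match '^CN=' } | Select-Object -Unique

# Step 6: which configured WIA agent strings occur in the browser's User-Agent.
# Assumption: matching is a case-sensitive substring test.
$matchingAgents = $props.WIASupportedUserAgents |
    Where-Object { $SampleUserAgent.Contains($_) }

[pscustomobject]@{
    FarmName            = $farm
    WiaPrimaryIntranet  = $wiaEnabled
    SpnHolderCount      = @($spnHolders).Count
    SpnHolders          = $spnHolders -join ' | '
    UserAgentMatchesWia = [bool]$matchingAgents
    MatchedAgentStrings = $matchingAgents -join ', '
} | Format-List

$trusts | Format-Table -AutoSize
```

If `UserAgentMatchesWia` is false, AD FS falls back to the forms login page for that browser even when every other item is correct. Steps 1 and 5 are application and client settings and are not covered by this script.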