Windows Identity Foundation Extensions Home
ADFS Server fails to authenticate while trying to acess from Internet
3/9/2011 2:30:57 AM
User(s) can reproduce this bug
We've a publicly hosted ADFS Server which we're using for authenticating enterprise users to access Azure applications. The authentication works well while trying to access the azure portal from Intranet and everything is smooth. But when accessed over Internet, the user continuously gets the windows authentication prompt but even after entering the right credentials, the prompt stays on.
We're using a vanilla install of ADFS 2.0 that authenticates against company AD store. The issue is preventing management from taking a decision over whether they should move all the local apps to Azure or not.
The logs show no response at all. And the browser compatibility is questionable at best.
Works well with: IE6 on XP, FF2
Fails on: IE8/9 on Win 7, FF3, Google Chrome
Any help is highly appreciated.
Describe the problem that you're having.
Unable to access portal hosted on Azure, secured using ADFS, over internet.
What type of impact does this issue have?
to post a comment.
Please enter a comment.
on 6/8/2011 at 2:45 PM
Please verify that you are having the users enter the credential correctly in the form of domain\username.
Also, please see http://technet.microsoft.com/en-us/library/hh237448(WS.10).aspx for information on disabling Extended Protection.
Le Hoang Phuc
on 3/9/2011 at 7:53 PM
All tested browsers are working fine, the user can authenticate
continuous credential prompt in:
IE 8.0.7600.16385 asked once.
Windows XP SP2
IE 7.0.5730.13 - asked three times and displayed 401 error
Windows XP SP3
All tested browsers working fine.
In Mozilla Firefox on Windows operating systems, the names of the domains/websites to which the authentication is to be passed can be entered (comma delimited for multiple domains) for the "network.negotiate-auth.trusted-uris" (for Kerberos) or in the "network.automatic-ntlm-auth.trusted-uris" (NTLM) Preference Name on the about:config page.
on 3/9/2011 at 2:33 AM
On Intranet, FF3 can authenticate if we change the setting network.auth.force-generic-ntlm to true
No success on Google Chrome.
And every browser fails from Internet :(
to post a workaround.
Please enter a workaround.
© 2013 Microsoft