
ADFS Server fails to authenticate while trying to access from Internet by Jithendra Balakrishnan

Active

Type: Bug
ID: 650340
Opened: 3/9/2011 2:30:57 AM
Access Restriction: Public
Workaround(s): 0
User(s) can reproduce this bug: 2

We've a publicly hosted ADFS Server which we're using for authenticating enterprise users to access Azure applications. The authentication works well while trying to access the Azure portal from Intranet and everything is smooth. But when accessed over Internet, the user continuously gets the Windows authentication prompt but even after entering the right credentials, the prompt stays on.

We're using a vanilla install of ADFS 2.0 that authenticates against company AD store. The issue is preventing management from taking a decision over whether they should move all the local apps to Azure or not.

The logs show no response at all. And the browser compatibility is questionable at best.

Works well with: IE6 on XP, FF2
Fails on: IE8/9 on Win 7, FF3, Google Chrome

Any help is highly appreciated.

Describe the problem that you're having.

Unable to access portal hosted on Azure, secured using ADFS, over internet.

What type of impact does this issue have?

Functionality
Posted by Microsoft on 6/8/2011 at 2:45 PM
Please verify that you are having the users enter the credential correctly in the form of domain\username.

Also, please see http://technet.microsoft.com/en-us/library/hh237448(WS.10).aspx for information on disabling Extended Protection.
Posted by Le Hoang Phuc on 3/9/2011 at 7:53 PM
Windows Vista
All tested browsers are working fine, the user can authenticate

Windows 7
continuous credential prompt in:
Chrome 7.0.517.44
Firefox 3.6.12

IE 8.0.7600.16385 asked once.

Windows XP SP2
IE 7.0.5730.13 - asked three times and displayed 401 error

Windows XP SP3
All tested browsers working fine.

In Mozilla Firefox on Windows operating systems, the names of the domains/websites to which the authentication is to be passed can be entered (comma delimited for multiple domains) for the "network.negotiate-auth.trusted-uris" (for Kerberos) or in the "network.automatic-ntlm-auth.trusted-uris" (NTLM) Preference Name on the about:config page.
Posted by Jithendra Balakrishnan on 3/9/2011 at 2:33 AM
On Intranet, FF3 can authenticate if we change the setting network.auth.force-generic-ntlm to true

No success on Google Chrome.

And every browser fails from Internet :(