AI OnAI Off
SSO with ADFS 4.0 - fallback to forms
Hello Erik
This post may be what you are looking for:
https://hacksbyme.net/2017/05/11/mixed-mode-owin-authentication-for-episerver-editors/
I'm sure you could adapt the approach. There is some official Episerver documentation around this too:
David
Edited,
Sep 28, 2018 22:49
Thanks David. To handle outside users, I added a custom action to the base Page Controller which does a little check to see who you are. If they're local (and not logged in) it fires the authentication challenge. If not, it simply sends them through and I have a manual login link. It'd be nice if ADFS handled that, but I cant complain given how old 2.0 is already :)
Oct 15, 2018 17:43
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
ADFS seems to be the preferred method of authentication for SSO. I have it working with ADFS 2.0, but there really isnt a proper fallback method for users to do forms based auth (or even get a prompt) Our situation is kind of unique in that we have users from two other organizations who connect to our network. So effectively I want user1@domain1.com to have SSO , and if user2@domain2.com or user3@domain3.com tries to login they get prompted for their credentials for domain1.com (its a strange setup... but i have no say in that matter).
Would enabling forms and windows integrated auth work in this case? Or would it still simply grab the credentials for user2@domain2.com and fail because it cant find it? Also, if theres an alternative method where they would simply get prompted with an ugly browser based login, I'd love to hear that as well!
Thanks!