This is the ADFS that runs on Server 2012 R2.
Been busy with a project that has some legacy components.
Firstly - XP.
No longer supported and full of security holes. In particular, it does not support SNI (Server Name Indication).
To get ADFS 3.0 to work, refer to:
How to support non-SNI capable Clients with Web Application Proxy and AD FS 2012 R2
ADFS 3.0 login failing from IE8
IE8 is the last incarnation of IE on XP.
If you use a later OS e.g. Windows 7 and you play in the identity space with federation and lots of redirects, you may find IE 8 reporting "Internet Explorer cannot display the webpage".
This is because IE 8 has a redirect limit of 10 which is fine for a normal web site but not fine for the SSO browser profile which is based on redirects i.e.
User --> Application --> IDP1 --> IDP2 --> IDP3 etc. and then the rollback all the way down.
If the application is SharePoint, that alone has 3 to 4 redirects.
There is a "fix" but it involves regedit, which is per machine and not something suitable for the average user.
Far better to upgrade IE or use another browser.
Enjoy!