This is for Server 2012 / Server 2016 - (ADFS 3.0 and 4.0).
I found that most articles I came across simply regurgitate the information in the official articles. I just wonder what the point is?
The official Microsoft reference is:
AD FS user sign-in customisation
Add sign-in page description
Home Realm Discovery Customisation
Update Password
Some code to allow the ADFS Cancel button on the Update Password page (Expired Password) to redirect back to the original page.
ADFS 3.0 Cancel Button Redirection and Password Change Link
or
Just remove the button:
ADFS : Remove the "Cancel" button from the Update Password screen
Handling Expired Passwords in AD FS 2012 R2
What's interesting about this article is that the custom js is in a separate file, it's added via the additional file resources and then "injected" i.e.
Set-AdfsGlobalWebContent –SignInPageDescriptionText "<script type=""text/javascript"" src=""/adfs/portal/script/custom.js""></script>"Most examples for text strings simply replace the text with other text but as this shows, you can replace the text with JavaScript. You could use this technique for the other screens as well.
You can add text and links:
ADFS : Adding extra text and links to the Login and Update Password screens
Adding some help text around password requirements:
ADFS : Adding default password rules to the Change and Update Password pages
Login page
Adding buttons instead of links:
Customize the ADFS authentication page with buttons!
Using sAMAccountName to login rather than User Principal Name (UPN) or using DOMAIN\username.
Using SAMAccountName to Login to ADFS in Windows Server 2012R2/2016
or:
Accept SAM-account name as a login format on the ADFS form-based password update page
Don't like the screen - just redo it!
How to “TOTALLY” customize your Home Realm Discovery Page in Windows Server 2012 R2 ADFS
Hiding others customers when using Office 365.
Customizing the AD FS 3.0 Sign-in Page Logo
You can add text and links:
ADFS : Adding extra text and links to the Login and Update Password screens
Hiding some of the RP in the IDPInitiated scenario:
How to Hide a Relying Party from AD FS 3.0
Forcing a button click automatically on logout:
How do I customize the ADFS 3.0 logout page to force sign out?
Don't like the copyright notice?
ADFS : Removing the copyright notice - the easy way
Slightly different technique to add a link:
Adding A Link To The SSPR Page In The ADFS FBA Page
HRD
Changing the "Active Directory" name in ADFS 4.0 to something more appropriate.
ADFS 2016 – Change the Active Directory claim provider display name in the Home Realm Discovery page
At the bottom of that article, there is some JavaScript to show how to move this entry (the local AD) to the top. Unfortunately, it is hard-coded for a certain number of IDP and needs to be more dynamic.
This is a more dynamic solution.
ADFS : Moving the "Active Directory" IDP entry to the top of the list
Another example here.
If you use the -OrganizationalAccountSuffix to associate a RP with an IDP, you get something like:
If you want to skip this, have a read of:Hiding others customers when using Office 365.
Customizing the AD FS 3.0 Sign-in Page Logo
You can add text and links:
ADFS : Adding extra text and links to the Login and Update Password screens
Hiding some of the RP in the IDPInitiated scenario:
How to Hide a Relying Party from AD FS 3.0
Forcing a button click automatically on logout:
How do I customize the ADFS 3.0 logout page to force sign out?
Don't like the copyright notice?
ADFS : Removing the copyright notice - the easy way
Slightly different technique to add a link:
Adding A Link To The SSPR Page In The ADFS FBA Page
HRD
Changing the "Active Directory" name in ADFS 4.0 to something more appropriate.
ADFS 2016 – Change the Active Directory claim provider display name in the Home Realm Discovery page
At the bottom of that article, there is some JavaScript to show how to move this entry (the local AD) to the top. Unfortunately, it is hard-coded for a certain number of IDP and needs to be more dynamic.
This is a more dynamic solution.
ADFS : Moving the "Active Directory" IDP entry to the top of the list
Another example here.
If you use the -OrganizationalAccountSuffix to associate a RP with an IDP, you get something like:
Customize the Home Realm Discovery page to ask for UPN right away
-OrganizationalAccountSuffix is out-of-the-box for ADFS 4.0.
To do this in ADFS 3.0:
Customizing the AD FS sign-in pages per relying party trust
If you want to change the thumbnail images:
Customizing the IDP images in the Home Realm Discovery page
You can add extra text to the pages:
ADFS : Adding messages to the ADFS login / HRD screens
If you are wondering about how to get the small text inside the "button", refer:
ADFS : Adding extra text to the HRD screen IDP description
ADFS centered experience
"Back in December 2017 the User Experience (UX) for Azure AD login changed to a centered (or centred, depending upon where in the world you speak English) login page with pagination. Pagination is where you enter the username on one screen and the password on the next. This was covered in new Azure Active Directory centered sign-in experience and recently in early April 2018 Microsoft announced changes to the UX to include the removal of all the right-aligned pages (for example the MFA screens and password reset)."
Customizing ADFS To Match Azure AD Centered User Experience
Theme
The standard commands to change the default theme are in the official links at the top.
Note that you can change any collateral in the theme.
ADFS : You can change anything in the Theme structure
Bonus
"Unless you have saved all the PowerShell cmdLet you typed to create your custom theme in your pre-production environment, it is quite challenging to recreate the exact same webtheme on your production servers. It is easy to export a configuration with the Export-WebTheme cmdLet. But it does not give you the ability to re-import what you just exported. I wrote the following script to help with that:"
How to export an ADFS custom web theme and import it to another serverrt-an-adfs-custom-webtheme-and-import-it-to-another-server/
And you can debug the onload.js. Bargain!
ADFS : Debugging onload.js when customising the Login, Update Password and Home Realm Discovery (HRD) screens
Want pop-ups with that?
ADFS : Pop-ups on the HRD / login and change password screens
I'll keep adding to this page as new examples come to light.
Enjoy!
No comments:
Post a Comment