Slight problem with using SSO.
Here is my setup:
- domain (test.com)
- DC + ADFS 2.0 (TESTDC.test.com)
- SYNC server (TESTSYNC.test.com)
I have ADFS deployed with a public certificate (URL = sts.test.com) for single sign-on. DirSync is complete and I have enabled the users. Let's say email@example.com
I log in to a domain-joined computer on-premises using the domain account testaccount credentials.
When I browse to portal.microsoftonline.com and fill in the user name firstname.lastname@example.org, the password field gets greyed out and I click sign in to test.com
Then I get the following prompt:
The ADFS server (connecting to sts.test.com) prompts me for a login screen and I have to reenter my credentials.
This is happening at every login, BUT when I add the ADFS server URL to Local Intranet it is working, BUT the Microsoft manual only says the URL should be added to the Trusted Sites and not the Local Intranet.
Any help would be awesome.
Thanks for the feedback.
Thank you for your post.
As I understand, I want to confirm if it is necessary to add the URL of ADFS server into "Local Intranet Zone" of IE when deploying Single Sign-on.
Yes, the "Local Intranet Zone" contains all network connections that were established by using a Universal Naming Convention (UNC) path, and Web sites that bypass the proxy server or have names that do not include periods (for example, http://local). The ADFS server needs to be classified in the local intranet zone to send your credentials. All of this is about sending your domain credentials using Kerberos, not sending a username and password that were entered at a login page.
AD FS 2.0 Design Guide
AD FS 2.0 Deployment Guide
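Added example, not part of the thread or of Microsoft's documentation: a PowerShell check of which Internet Explorer zone the poster's sts.test.com maps to in the ZoneMap registry keys, with an optional per-user assignment to Local Intranet (zone 1). The function names are hypothetical, and the host split assumes a two-label parent domain such as test.com.

```powershell
# Added example: inspect and set the IE security zone for the AD FS host.
# Zone numbers as stored in the ZoneMap registry keys.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';    4 = 'Restricted Sites' }
$Suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
# Policy keys first (they override preferences), then user and machine preferences.
$Roots  = "HKCU:\Software\Policies\$Suffix", "HKLM:\Software\Policies\$Suffix",
          "HKCU:\Software\$Suffix",          "HKLM:\Software\$Suffix"

function Split-ZoneHost {                      # hypothetical helper
    param([Parameter(Mandatory)][string]$HostName)
    $labels = $HostName.Split('.')
    if ($labels.Count -lt 3) { throw 'Expected a host such as sts.test.com' }
    # ZoneMap stores sts.test.com as Domains\test.com\sts
    $domain = $labels[-2..-1] -join '.'
    $sub    = $labels[0..($labels.Count - 3)] -join '.'
    return "$domain\$sub"
}

function Get-ZoneMapping {                     # hypothetical helper
    param([string]$HostName, [string]$Scheme = 'https')
    $rel = Split-ZoneHost $HostName
    foreach ($root in $Roots) {
        $key = "$root\$rel"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $Scheme, '*') {      # a value named '*' covers all protocols
            $zone = $item.GetValue($name)
            if ($null -ne $zone) {
                [pscustomobject]@{ Key = $key; Value = $name
                                   Zone = $ZoneNames[[int]$zone] }
            }
        }
    }
}

function Set-IntranetMapping {                 # hypothetical; per-user preference only
    param([string]$HostName, [string]$Scheme = 'https')
    $key = "$($Roots[2])\$(Split-ZoneHost $HostName)"
    # Create the key only if missing, so existing values are not wiped.
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Scheme -Value 1 -PropertyType DWord -Force |
        Out-Null
}

Get-ZoneMapping -HostName 'sts.test.com'       # host name from the post
# Set-IntranetMapping -HostName 'sts.test.com' # uncomment to map https to zone 1
```

Only the single federation host is mapped rather than the whole domain, because the Local Intranet zone's default automatic logon sends the signed-in user's Windows credentials to every site placed in it.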
Then the documentation on the following URL is not correct:
Add URLs to Trusted Sites in Internet Explorer
After you add or convert your domains as part of setting up single sign-on, you may want to add the fully qualified domain name of your AD FS 2.0 server to the list of Trusted Sites in Internet Explorer. This will ensure that users are not prompted for their password to the AD FS 2.0 server.
There it states Trusted Sites, but you and a support page I found say to add it to Local Intranet.
This URL states Local Intranet:
So the top link says Trusted Sites, so please adjust this incorrect information :-)
We greatly appreciate your feedback and effort on this problem. I will forward your feedback to our product team. If you have any additional questions when using Office 365 in the future, please feel free to post a new question in the forum.