Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2016-07-27) How To Disable Local Authentication In ADFS v2.x, ADFS v3.0 And ADFS v4.0

Posted by Jorge on 2016-07-27


If you do not want to have the local STS (and therefore the local AD and any trusted AD) to be listed on the HRD page, while only allowing remote IdPs (CPs), you need to disable local authentication in ADFS

To disable local authentication in ADFS v2.0, perform the following steps:

  • Navigate to the folder “C:\inetpub\adfs\ls”
  • Edit the file "web.config"
  • Edit the following section as follows, and save afterwards:

<localAuthenticationTypes>
        <!– <add name="Integrated" page="auth/integrated/" /> –>
        <!– <add name="Forms" page="FormsSignIn.aspx" /> –>
        <!– <add name="TlsClient" page="auth/sslclient/" /> –>
        <!– <add name="Basic" page="auth/basic/" /> –>
</localAuthenticationTypes>

To disable local authentication in ADFS v2.1 and ADFS v3.0, perform the following steps:

  • Navigate to “C:\Windows\Adfs”
  • Edit the file "microsoft.IdentityServer.Servicehost.exe.config"
  • Edit the following section as follows, and save afterwards:

<microsoft.identityServer.web> 
       <acceptedFederationProtocols wsFederation="true" saml="true" /> 
       <localAuthenticationTypes enabled="false"> 
</localAuthenticationTypes>

To disable local authentication in ADFS v4.0, perform the following steps:

  • Open a PowerShell command prompt window
  • Execute the following command:

Set-AdfsProperties -EnableLocalAuthenticationTypes $false

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: