(2017-06-15) Displaying The Welcome Message On The MFA Page In ADFS 2016
Posted by Jorge on 2017-06-15
In ADFS 2012 R2, when hitting the MFA page, a welcome message was displayed with an explanation, as shown in figure 1 below.
Figure 1: MFA Page In ADFS 2012 R2 With The Default Value For The Name Claim Type
–
Looking at the default behavior in ADFS 2016, you will get the following instead:
Figure 2: MFA Page In ADFS 2016 With The Default Value For The UPN Claim Type
–
There is no welcome message anymore, and the identity value is now located at the end of the explanation.
If you want to revert to the ADFS 2012 R2 behavior, you can do the following:
[Step 1]
Clone the current active ADFS web theme to a new ADFS web theme
First determine the current web theme
Get-ADFSWebConfig
Clone the current active web theme to a new web theme
New-AdfsWebTheme -Name <New Web Theme Name> -SourceName <Active Web Theme Name>
–
[Step 2]
Export the cloned web theme to a folder on the file system
Export-AdfsWebTheme -Name <New Web Theme Name> -DirectoryPath <Some Folder On The File System>
–
[Step 3]
Edit the file “onload.js” in the folder “<Some Folder On The File System>\Script” and add the following piece of code to the end of the file to show the welcome message again
// Check if we are in the auth area
var authNArea = document.getElementById("authArea");
if (authNArea) {
    // if mfaGreeting element is present, modify its properties.
    var mfaGreeting = document.getElementById("mfaGreeting");
    if (mfaGreeting) {
        mfaGreeting.className = "fieldMargin bigText";
    }
}
–
[Step 4]
Import the new edited “onload.js” file
Set-AdfsWebTheme -TargetName <New Web Theme Name> -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';path="<Some Folder On The File System>\script\onload.js"}
–
[Step 5]
Activate the new web theme
Set-AdfsWebConfig -ActiveThemeName <New Web Theme Name>
–
[Step 6]
Reconfigure the explanation text if required
Set-AdfsGlobalWebContent -SignInPageAdditionalAuthenticationDescriptionText "For security reasons, we require additional information to verify your account"
–
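Steps 1 to 5 combined into one script, as an added example that is not part of the original post. The theme name and export folder are hypothetical. Because onload.js runs on every ADFS sign-in page, the script only appends the snippet when it is missing and prints the file's SHA-256 before and after the edit, so the change can be reviewed and recorded.

```powershell
# Added example: steps 1-5 of this post as one script (not the author's code).
$ErrorActionPreference = 'Stop'

$newTheme  = 'CustomMfaGreeting'   # hypothetical theme name
$exportDir = 'C:\Temp\AdfsTheme'   # hypothetical export folder

# The snippet from step 3, unchanged
$marker  = 'mfaGreeting.className = "fieldMargin bigText";'
$snippet = @'
// Check if we are in the auth area
var authNArea = document.getElementById("authArea");
if (authNArea) {
    // if mfaGreeting element is present, modify its properties.
    var mfaGreeting = document.getElementById("mfaGreeting");
    if (mfaGreeting) {
        mfaGreeting.className = "fieldMargin bigText";
    }
}
'@

# Step 1: find the active theme and clone it (refuse to reuse an existing name)
$activeTheme = (Get-AdfsWebConfig).ActiveThemeName
if (Get-AdfsWebTheme | Where-Object { $_.Name -eq $newTheme }) {
    throw "Web theme '$newTheme' already exists; pick another name."
}
New-AdfsWebTheme -Name $newTheme -SourceName $activeTheme | Out-Null

# Step 2: export the clone
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null
Export-AdfsWebTheme -Name $newTheme -DirectoryPath $exportDir

# Step 3: append the snippet once, recording the hash before and after
$onload = Join-Path $exportDir 'script\onload.js'
$before = (Get-FileHash -Path $onload -Algorithm SHA256).Hash
if (-not (Select-String -Path $onload -SimpleMatch $marker -Quiet)) {
    Add-Content -Path $onload -Value "`r`n$snippet"
}
$after = (Get-FileHash -Path $onload -Algorithm SHA256).Hash
"onload.js SHA256 before: $before"
"onload.js SHA256 after : $after"

# Step 4: import the edited file into the cloned theme
Set-AdfsWebTheme -TargetName $newTheme -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js'; Path=$onload}

# Step 5: activate the clone and show old and new theme names
Set-AdfsWebConfig -ActiveThemeName $newTheme
"Active theme was '$activeTheme', now '$((Get-AdfsWebConfig).ActiveThemeName)'"
```

To roll back, run Set-AdfsWebConfig -ActiveThemeName with the previous theme name printed on the last line.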
Now access an application through ADFS for which MFA is required
–
If you display the welcome message but do not change the explanation text back to the one shown for ADFS 2012 R2, you would see something similar to:
Figure 3: Customized MFA Page In ADFS 2016 With The Default Value For The UPN Claim Type
–
–
Cheers,
Jorge
————————————————————————————————————————————————————-
This posting is provided "AS IS" with no warranties and confers no rights!
Always evaluate/test everything yourself first before using/implementing this in production!
This is today’s opinion/technology, it might be different tomorrow and will definitely be different in 10 years!
DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
————————————————————————————————————————————————————-
This entry was posted on 2017-06-15 at 23:00 and is filed under Active Directory Federation Services (ADFS), Azure AD MFA Adapter, Claim Types, onload.js.