(2017-06-23) Adding A Link To The SSPR Page In The ADFS FBA Page
Posted by Jorge on 2017-06-23
When users use Windows Integrated Authentication against ADFS from their Windows desktop/laptop, they are authenticated with the credentials they used to log on to that Windows desktop/laptop. If those users need to reset their password or unlock their account, a link to the SSPR page would have to be provided within the Windows logon screen, or users would need to use some kind of kiosk PC.
However, when hitting the Forms Based Authentication (FBA) page within ADFS, for example from a mobile device, it would be nice to display a link on that same page for users who need to reset their password or unlock their account. Something similar to the following:
Figure 1: A Link To The SSPR Page On The FBA Page
–
If you want to do this, you can use the following steps:
[Step 1]
Clone the current active ADFS web theme to a new ADFS web theme
First determine the current web theme
Get-ADFSWebConfig
Clone the current active web theme to a new web theme
New-AdfsWebTheme -Name <New Web Theme Name> -SourceName <Active Web Theme Name>
–
[Step 2]
Export the cloned web theme to a folder on the file system
Export-AdfsWebTheme -Name <New Web Theme Name> -DirectoryPath <Some Folder On The File System>
–
[Step 3]
Edit the file "onload.js" in the folder "<Some Folder On The File System>\Script" and add the following piece of code to the end of the file to show the link to the SSPR page in AAD on the FBA page. (NOTE: you can point the link at any other SSPR page if you want, such as the FIM/MIM SSPR page.)
// Add link for password reset, if we find the forms authentication element in the page
var formsAuthArea = document.getElementById("formsAuthenticationArea");
if (formsAuthArea) {
    // Create the hyperlink
    var pwdResetLink = document.createElement('a');
    var linkText = document.createTextNode("Click Here For Password Reset Or Account Unlock");
    pwdResetLink.appendChild(linkText);
    pwdResetLink.title = "Click Here For Password Reset Or Account Unlock";
    pwdResetLink.href = "https://passwordreset.microsoftonline.com/?whr=<Your Domain In AAD>";
    pwdResetLink.target = "_blank";
    // Append the link to the authArea (appending it to document.body first is not needed)
    var authNArea = document.getElementById("authArea");
    if (authNArea) {
        authNArea.appendChild(pwdResetLink);
    }
}
–
[Step 4]
Import the new edited “onload.js” file
Set-AdfsWebTheme -TargetName <New Web Theme Name> -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';path="<Some Folder On The File System>\script\onload.js"}
–
[Step 5]
Activate the new web theme
Set-AdfsWebConfig -ActiveThemeName <New Web Theme Name>
–
Now access an application and make sure the FBA page is used. The FBA page is shown when coming from a mobile device on an external network, or in general whenever WIA is not used.
–
Cheers,
Jorge
————————————————————————————————————————————————————-
This posting is provided "AS IS" with no warranties and confers no rights!
Always evaluate/test everything yourself first before using/implementing this in production!
This is today’s opinion/technology, it might be different tomorrow and will definitely be different in 10 years!
DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
————————————————————————————————————————————————————-
########################### Jorge’s Quest For Knowledge ##########################
#################### http://JorgeQuestForKnowledge.wordpress.com/ ###################
————————————————————————————————————————————————————-
Sachin Shahi (@sachinshahi) said
Hi Jorge, is there a way to move the link to right below the password prompt?
Jorge said
Do not know from top of my head. Would need to have a look at the onload.js code
Jorge said
Hi,
Yes that is possible!
Look at the following part of the code:
//append to the authArea
var authNArea = document.getElementById("authArea");
authNArea.appendChild(pwdResetLink);
CHANGE IT TO (the highlighted parts are the changes):
//append to the passwordArea
var passwordArea = document.getElementById("passwordArea");
passwordArea.appendChild(pwdResetLink);
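The following is an added example, not the onload.js from the post or the code quoted in the comments. It puts the Step 3 snippet and the passwordArea variant from the comment thread together in one function with a few hardening touches a practitioner would want on a sign-in page: the link is only inserted on the FBA page, it goes below the password prompt when that container exists and falls back to authArea otherwise, it is idempotent so a second run of the script does not stack links, the whr tenant domain is validated and percent-encoded, and the new tab gets rel="noopener noreferrer" so it receives no window.opener handle back to the sign-in page. The element ids formsAuthenticationArea, authArea and passwordArea come from the post; the id ssprLink, the tenant contoso.com and the FakeDocument/FakeElement stub are constructed here so the code runs under Node without a browser. In a real theme you would drop the stub and call addSsprLink(document, "<Your Domain In AAD>", "...") at the end of onload.js.

```javascript
// Added example, not the post's onload.js: a hardened version of the SSPR
// link insertion, run against a constructed DOM stub so it executes in Node.
// In a real theme you would drop the stub and call addSsprLink(document, ...).

const LINK_ID = "ssprLink"; // assumed id so a re-run of onload.js does not stack links

// Build the AAD SSPR URL. The tenant domain (placeholder <Your Domain In AAD>
// in the post) is validated as a DNS name and percent-encoded, so a stray
// character in the configured value cannot smuggle extra query parameters.
function buildSsprUrl(tenantDomain) {
  if (!/^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/.test(tenantDomain)) {
    throw new Error("tenant domain must be a plain DNS name: " + tenantDomain);
  }
  return "https://passwordreset.microsoftonline.com/?whr=" + encodeURIComponent(tenantDomain);
}

// Insert the link only on the forms page (formsAuthenticationArea present),
// below the password prompt when passwordArea exists (the placement asked
// about in the comments), otherwise into authArea as in the post.
// Returns the anchor, or null when nothing was inserted.
function addSsprLink(doc, tenantDomain, linkText) {
  if (!doc.getElementById("formsAuthenticationArea")) return null; // WIA or other non-FBA page
  const existing = doc.getElementById(LINK_ID);
  if (existing) return existing;                                    // already inserted
  const container = doc.getElementById("passwordArea") || doc.getElementById("authArea");
  if (!container) return null;                                      // unexpected markup: do nothing

  const link = doc.createElement("a");
  link.id = LINK_ID;
  link.appendChild(doc.createTextNode(linkText));
  link.title = linkText;
  link.href = buildSsprUrl(tenantDomain);
  link.target = "_blank";
  // A tab opened from the sign-in page must get no window.opener handle back to it.
  link.setAttribute("rel", "noopener noreferrer");
  container.appendChild(link);
  return link;
}

// --- Constructed stand-in for the few DOM calls used above (not a real DOM) ---
class FakeElement {
  constructor(ownerDocument, tagName) {
    this.ownerDocument = ownerDocument;
    this.tagName = tagName;
    this.id = "";
    this.children = [];
    this.parentNode = null;
    this.attributes = {};
  }
  appendChild(child) {
    if (child.parentNode) {
      child.parentNode.children = child.parentNode.children.filter((c) => c !== child);
    }
    child.parentNode = this;
    this.children.push(child);
    if (child.id) this.ownerDocument.byId.set(child.id, child); // make getElementById find it
    return child;
  }
  setAttribute(name, value) { this.attributes[name] = String(value); }
  getAttribute(name) {
    return Object.prototype.hasOwnProperty.call(this.attributes, name) ? this.attributes[name] : null;
  }
}

class FakeDocument {
  constructor(ids) {
    this.byId = new Map();
    this.body = new FakeElement(this, "body");
    for (const id of ids) {
      const div = new FakeElement(this, "div");
      div.id = id;
      this.body.appendChild(div);
    }
  }
  createElement(tagName) { return new FakeElement(this, tagName); }
  createTextNode(text) { const t = new FakeElement(this, "#text"); t.textContent = text; return t; }
  getElementById(id) { return this.byId.get(id) || null; }
}

// Constructed page with the three ids the post and comments refer to.
function demo() {
  const doc = new FakeDocument(["authArea", "formsAuthenticationArea", "passwordArea"]);
  const text = "Click Here For Password Reset Or Account Unlock";
  const link = addSsprLink(doc, "contoso.com", text); // contoso.com is a constructed tenant
  addSsprLink(doc, "contoso.com", text);               // second run returns the same anchor
  return { doc, link };
}

const result = demo();
console.log(result.link.href, "->", result.link.parentNode.id);
```

The fallback order (passwordArea, then authArea) means the same script serves both the original placement and the one asked about in the comments without editing the theme twice; if ADFS ever renders a forms page without either container, the function does nothing rather than throwing partway through onload.js.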