Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Home Realm Discovery (HRD)’ Category

(2016-08-08) Configuring Custom Logos For Your Identity Providers/Claim Providers Trusts

Posted by Jorge on 2016-08-08


As the page “Customizing the AD FS Sign-in Pages” already explains, use configure custom logos for your HRD page, being

  • The Illustration (in figure 1 – on the left)
  • The Logo (in figure 1 – upper right)
  • The Local STS Icon (in figure 1 – IdP called “IAM Technologies”)
  • The Remote IdP Icon for which no suffixes have been configured (in figure 1 – last 3 IdPs)

That then looks like it is displayed in figure 1

image

Figure 1: HRD Page With A Custom Illustration, A Custom Logo, A Custom Icon For the Local STS And a Custom Icon For Other Remote IdPs

However, have you ever wanted to see it like it is displayed in figure 2?

image

Figure 1: HRD Page With A Custom Illustration, A Custom Logo, A Custom Icon For the Local STS And a Custom Icon For Every Individual Remote IdP

Yes, that is possible!

To configure the logo execute the following command:

Set-AdfsWebTheme –TargetName <Web Theme> -Logo @{path="<Path To Logo JPG/PNG>"}

To configure the illustration execute the following command:

Set-AdfsWebTheme -TargetName <Web Theme> -Illustration @{path="<Path To Illustration JPG/PNG>"}

To configure the logo for the local STS execute the following command:

Set-AdfsWebTheme -TargetName <Web Theme> -AdditionalFileResource @{Uri=’/adfs/portal/images/idp/localsts.png’;path="<Path To Local STS Logo JPG/PNG>"}

To configure the logo for the Remote IdP/STS, for which no suffix is configured, execute the following command:

Set-AdfsWebTheme -TargetName <Web Theme> -AdditionalFileResource @{Uri=’/adfs/portal/images/idp/idp.png’;path="<Path To General IdP Logo JPG/PNG>"}

To configure the logo for the Remote IdP/STS, for which at least one suffix is configured, execute the following command:

Set-AdfsWebTheme -TargetName <Web Theme> -AdditionalFileResource @{Uri=’/adfs/portal/images/idp/otherorganizations.png’;path="<Path To Other Organizations Logo JPG/PNG>"}

To configure the logo for the Remote IdP/STS with a custom (company) logo, execute the following command

Set-AdfsWebTheme -TargetName <Web Theme> -AdditionalFileResource @{uri="/adfs/portal/images/idp/<CP Trust Name>.png";path="<Path To Custom IdP Logo JPG/PNG>"}

REMARK: If you rename a CP trust, you also need to rename the web file in the URL! If you do not, the general IdP logo is displayed

REMARK: Instead of using PNG files, you can also use JPG files! Whatever extension you use, the extension of the file being imported must match the extension of the web file in the URL!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Active Directory Federation Services (ADFS), Home Realm Discovery (HRD), Web Themes | Leave a Comment »

(2016-07-27) How To Disable Local Authentication In ADFS v2.x, ADFS v3.0 And ADFS v4.0

Posted by Jorge on 2016-07-27


If you do not want to have the local STS (and therefore the local AD and any trusted AD) to be listed on the HRD page, while only allowing remote IdPs (CPs), you need to disable local authentication in ADFS

To disable local authentication in ADFS v2.0, perform the following steps:

  • Navigate to the folder “C:\inetpub\adfs\ls”
  • Edit the file "web.config"
  • Edit the following section as follows, and save afterwards:

<localAuthenticationTypes>
        <!– <add name="Integrated" page="auth/integrated/" /> –>
        <!– <add name="Forms" page="FormsSignIn.aspx" /> –>
        <!– <add name="TlsClient" page="auth/sslclient/" /> –>
        <!– <add name="Basic" page="auth/basic/" /> –>
</localAuthenticationTypes>

To disable local authentication in ADFS v2.1 and ADFS v3.0, perform the following steps:

  • Navigate to “C:\Windows\Adfs”
  • Edit the file "microsoft.IdentityServer.Servicehost.exe.config"
  • Edit the following section as follows, and save afterwards:

<microsoft.identityServer.web> 
       <acceptedFederationProtocols wsFederation="true" saml="true" /> 
       <localAuthenticationTypes enabled="false"> 
</localAuthenticationTypes>

To disable local authentication in ADFS v4.0, perform the following steps:

  • Open a PowerShell command prompt window
  • Execute the following command:

Set-AdfsProperties -EnableLocalAuthenticationTypes $false

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Active Directory Federation Services (ADFS), Home Realm Discovery (HRD) | Leave a Comment »

 
%d bloggers like this: