ADFS & HRD sign in page

Jean-Luc Ch 176 Reputation points
2020-07-09T09:36:25.813+00:00

Hello,

We are facing an issue when applying HRD on our lab & prod environments. We have 2 directories for authentication.
We use ADFS installed on Windows Server 2019.
We use OrganizationalSuffix (Set-AdfsLocalClaimsProviderTrust -TargetName "Active Directory" -OrganizationalAccountSuffix @("mydomain.com")) for HRD.
We configured HRD Cookie with "set-adfswebconfig":

HRDCookieLifetime : 30
HRDCookieEnabled : True
ContextCookieEnabled : True

I connect to the RP, and I'm redirected to the ADFS login page.

The logon page shows only the login form, without a password field.

I enter my e-mail, and on the second page I enter the password, and everything works fine.

I close my session (logout).

On the lab Environment

I reconnect to the RP,

ADFS shows the sign-in page with login and password on the same page.
This is due to the HRD cookie lifetime, very good.

On the prod environment

I reconnect to the RP

ADFS shows the sign-in page with login only. I must click "next".
At first, I believed that the HRD cookie was deleted, but if I choose a login which is in the other directory (different from the first login), authentication fails. I'm sure that HRD works fine, but I don't understand this page.

I tested with our custom theme, and I re-activated the default ADFS 2019 theme.

What did I miss?

Thanks,

Jean-Luc


Accepted answer
    Jean-Luc Ch 176 Reputation points
    2020-07-17T10:03:42.13+00:00

    Hello,

    The issue has been solved!
    As described, the forms were different when I compared prod & lab.
    We implemented custom themes, and our custom theme had many issues on our prod environment. It was a critical issue.

    We chose to use a security feature, "allowAdditionalAuthenticationAsPrimary". It's very interesting.
    If you turn it to $true, the form page is different.

    We used 2 directories (AD & OpenLDAP), with organizationalAccountSuffix definition (for HRD page). With this configuration and AllowAdditionalAuthenticationAsPrimary turned to $true, there are some bugs.

    My solution is:

    • specify organizationalAccountSuffix FOR EACH claims provider,
    • disable AllowAdditionalAuthenticationAsPrimary (Set-AdfsGlobalAuthenticationPolicy -AllowAdditionalAuthenticationAsPrimary $false),
    • if using custom themes, re-apply the right theme (when you change the parameter, the default theme is applied (?!)).
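As an added example (not code from the original post or from Microsoft), the following PowerShell audit script checks the three points of the accepted answer on an ADFS 2019 server and can apply the two that are safe to automate. The `-Fix` switch and the `MyCustomTheme` placeholder are assumptions of this script; the per-provider suffix is only reported, since only the administrator knows which suffix belongs to which directory.

```powershell
# Added example, not from the original post: audit the HRD-related ADFS
# settings named in the accepted answer. Run in an elevated PowerShell
# session on an ADFS 2019 server. The theme name is an assumed placeholder.
[CmdletBinding()]
param(
    [switch]$Fix,
    # Assumed placeholder: the name of your custom web theme (see Get-AdfsWebTheme)
    [string]$ThemeName = 'MyCustomTheme'
)
Import-Module ADFS

$findings = @()

# 1. Every claims provider (local AD/LDAP and federated) needs an
#    OrganizationalAccountSuffix, otherwise suffix-based HRD cannot route it.
#    Not auto-fixed: the right suffix per directory is an administrative decision.
$providers = @(Get-AdfsLocalClaimsProviderTrust) + @(Get-AdfsClaimsProviderTrust)
foreach ($cp in $providers) {
    if (-not $cp.OrganizationalAccountSuffix) {
        $findings += "Claims provider '$($cp.Name)' has no OrganizationalAccountSuffix"
    }
}

# 2. AllowAdditionalAuthenticationAsPrimary changes the sign-in form and, per the
#    answer, misbehaves together with suffix-based HRD; it should be $false.
$policy = Get-AdfsGlobalAuthenticationPolicy
if ($policy.AllowAdditionalAuthenticationAsPrimary) {
    $findings += 'AllowAdditionalAuthenticationAsPrimary is $true'
    if ($Fix) { Set-AdfsGlobalAuthenticationPolicy -AllowAdditionalAuthenticationAsPrimary $false }
}

# 3. HRD cookies must stay enabled, and changing the policy can silently reset
#    the active theme to the default one, so re-apply the custom theme.
$web = Get-AdfsWebConfig
if (-not $web.HRDCookieEnabled) { $findings += 'HRDCookieEnabled is $false' }
if ($web.ActiveThemeName -ne $ThemeName) {
    $findings += "Active theme is '$($web.ActiveThemeName)', expected '$ThemeName'"
    $themeExists = Get-AdfsWebTheme -Name $ThemeName -ErrorAction SilentlyContinue
    if ($Fix -and $themeExists) { Set-AdfsWebConfig -ActiveThemeName $ThemeName }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'HRD configuration looks consistent with the accepted answer' }
```

Run it first without `-Fix` to see the findings, then with `-Fix` once the reported suffixes have been set on each claims provider.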
