You are viewing limited content. For full access, please sign in.

Question

Question

ADFS on LFDS - Forward sign in page to ADFS sign in page?

Directory Server Security
Updated July 2, 2020
asked on July 1, 2020

Hey Laserfiche Community,
I'm working with a customer who has implemented ADFS as their authentication solution. After the initial implementation, the customer was very satisfied with the functionality of the ADFS integration and removed all other authentication methods from their LFDSSTS sign in page so that it is only a button that takes the user to the ADFS sign in page. 
The customer would like to be able to skip the STS page and go straight to the ADFS page. 

For easier digestion, here's what the customer's end users are doing now:
Navigate to a Laserfiche application (forms, web client) URL> get redirected to LFDSSTS sign in page> click the "sign in with ADFS" button>push browser to ADFS sign in page> sign into ADFS>Return to Laserfiche web application with ADFS token and party on.

What the customer would like to do:
Navigate to a Laserfiche application (forms, web client) URL> get redirected to ADFS sign in page>sign into ADFS>Return to Laserfiche web application with ADFS token and party on.

 

Is this possible without too much of a headache? My first thought would be to just use the link from the "sign into lfds" button, but I feel like the token generation process has to start from the LFDSSTS. However, I do agree that if a few steps could be eliminated that would be great.

 

Best Regards,
Hunter

4 0

Replies

replied on July 2, 2020

Hi Hunter,

This functionality is not possible out of the box at this time but I'll make sure it's in our feature request backlog. There is a workaround mentioned here that might work for you, but note that this method of essentially auto-clicking the AD FS button may cause sign out to not work (user will sign out of LF > be taken to STS > be automatically sent to AD FS where the SAML token may still be valid > user is logged back into LF).

0 0
replied on July 2, 2020

I think it would make the most since to have a checkbox on the STS page like there is for Windows Authentication, 'Always use Windows authentication', but for AD FS.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...