Configuring ADFS with Windows Integrated Authentication

By configuring ADFS with WIA, you can use an application bookmark to log into an application through IBM® Security Verify.

About this task

This task has two parts:
  1. Change the ADFS supported user agents to allow WIA.
  2. Configure the browser.

Procedure

  1. Run the Windows PowerShell Integrated Scripting Environment (ISE) as an administrator.
  2. Run the command $FormatEnumerationLimit=-1.
    This setting makes PowerShell display long lists in full, without truncation.
  3. Run the command Get-AdfsProperties.
    It returns all the ADFS information and includes the current WIASupportedUserAgents.
  4. Run the command Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome" + "Mozilla/5.0").
  5. Configure the browser.
    • Firefox
      1. Enter about:config in the URL field.
      2. Click I accept the risk!.
      3. Scroll to and double-click network.negotiate-auth.trusted-uris.
      4. Type the ADFS domain name, for example adfsdom.adfsdomain.
      5. Click OK.
      6. Close the browser.
    • Chrome or Internet Explorer
      1. Open the Control Panel.
      2. Click Network and Internet > Internet Options.
      3. Click the Security tab on the Internet Properties window.
      4. Select Local intranet and click Sites.
      5. Click Advanced.
      6. Type the address for your ADFS domain. For example, https://fs.adfsdom.adfsforest.
      7. Click Add > Close > OK.
      8. Select Trusted sites and click Sites.
      9. Type the Verify tenant name. For example, https://abcxyz.verify.ibm.com.
      10. Click Add > Close > OK.
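
An idempotent way to carry out steps 2 to 4 of the procedure, shown as an added example that is not part of the original page or the product's own tooling: it saves the current list, appends only the missing entries, and verifies the result. The backup location and variable names are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the ADFS server.
$FormatEnumerationLimit = -1   # step 2: display long lists in full

# User agents from step 4 of the procedure.
# "Mozilla/5.0" is a token sent by most modern browsers, so this entry is broad;
# review whether every such client should attempt WIA in your environment.
$agentsToAdd = @('Chrome', 'Mozilla/5.0')

# Assumption: the backup is written to the current user's temp directory.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupPath = Join-Path $env:TEMP "WIASupportedUserAgents-$stamp.txt"

# Step 3: read the current list and save it so the change can be rolled back.
$current = @(Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents)
$current | Set-Content -Path $backupPath -Encoding UTF8
Write-Host "Saved $($current.Count) existing entries to $backupPath"

# Append only entries that are not already present, so that running the
# script again does not create duplicates (-notcontains is case-insensitive).
$missing = @($agentsToAdd | Where-Object { $current -notcontains $_ })

if ($missing.Count -eq 0) {
    Write-Host 'All requested user agents are already present; nothing to change.'
}
else {
    Set-AdfsProperties -WIASupportedUserAgents ($current + $missing)
    Write-Host "Added: $($missing -join ', ')"
}

# Verify that every requested entry is now in the stored configuration.
$after      = @(Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents)
$notApplied = @($agentsToAdd | Where-Object { $after -notcontains $_ })
if ($notApplied.Count -gt 0) {
    throw "Not present after update: $($notApplied -join ', ')"
}
$after

# Rollback, if needed:
# Set-AdfsProperties -WIASupportedUserAgents (Get-Content -Path $backupPath)
```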