Trying to brand / customize my ADFS 4.0 (Windows Server 2016) Sign-In Page

Hi, I am nearing completion of my new Windows Server 2016 ADFS (4.0) implementation...finally.  Woohoo!!!

Now, I am working on branding the Sign-In page and am trying to figure out how to remove (or hide) the default "Sign in to this site." selection, because I can see this confusing end users.  I would like to only display the drop-down options for end users to choose from and then sign-in.

SSCC Sign-In Page Examples / Tests


I have been reading up on branding Sign-In pages via Microsoft Windows IT Pro Center - AD FS User Sign-In Customization


However, it doesn't mention anything, that I could find, about this question/area of the sign-in page.


Any help, assistance, links, suggestions, recommendations are greatly appreciated.




Let me know if you need further details to assist.



Thanks in advance.
C--Users-rsnellman-Desktop-SSCC_ADFS.jpg
rsnellmanIT ManagerAsked:
Who is Participating?
 
Peter HutchisonSenior Network Systems SpecialistCommented:
For ADFS 3 or later you need to create a custom theme for ADFS and then modify the onload.js file to customize it.
 New-AdfsWebTheme –Name custom –SourceName default
 Export-AdfsWebTheme –Name default –DirectoryPath c:\theme
 Edit onload.js
 Set-AdfsWebTheme -TargetName custom -AdditionalFileResource @{Uri=’/adfs/portal/script/onload.js’;path="c:\theme
 Set-AdfsWebConfig -ActiveThemeName custom  

See Advanced customization of AD FS Sign-in pages
https://docs.microsoft.com/en-gb/windows-server/identity/ad-fs/operations/advanced-customization-of-ad-fs-sign-in-pages

ADFS user sign in customization
https://docs.microsoft.com/en-gb/windows-server/identity/ad-fs/operations/ad-fs-user-sign-in-customization
0
 
Peter HutchisonSenior Network Systems SpecialistCommented:
There is one file you can change the text appearing on ADFS login page :

c:\inetpub\adfs\ls\App_GlobalResources\CommonResources.en.resx

Change the value text for the following data entries:
FormsSignInPageTitle
SelectAsiteRadioButtonText
SignInOtherSiteRadioButtonText
0
 
rsnellmanIT ManagerAuthor Commented:
Hi, Peter.  Thanks for your reply.  However, this is not so or at least I cannot find it under the root of either the ADFS 4.0 (Windows Server 2016) server or on the ADFS 4.0 Web App Proxy (WAP) (Windows Server 2016) server.

Microsoft removed IIS dependencies when they released Windows Server 2012 R2 ADFS server role and continued it with Windows Server 2016 ADFS server role.

I really would like to know where these default files (images, etc.) are located on the ADFS 4.0 server so I could store my custom images there too, but it is a needle in a hay stack of needles at this point.


Any other ideas?


Thanks.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
rsnellmanIT ManagerAuthor Commented:
A little side track, but does anyone know why when I sign out of a federated trust service (i.e. Canvas, Blackboard, etc.) from their side then go back to my SSCC Sign-In Page, the page indicates I am still logged into services and if I would like to log out of them?

And if I don't but go back to the cloud service (i.e. Canvas, Blackboard, etc.) it allows me in without authenticating, as if I am still connected when I requested it to log me out previously.


Trying to figure out if there is a setting I need to change, obviously, and where that setting would be located or setting to change?


Thanks.
C--Users-rsnellman-Desktop-SSCC_ADFS.JPG
0
 
rsnellmanIT ManagerAuthor Commented:
Would I be looking at adjusting the ADFS Federation Service Properties / Web SSO lifetime (minutes): 480 ?

That is the default for the web sso lifetime.  Not sure how that will affect users logged in to their cloud services.


Just trying to figure this out.


Thanks.
0
 
Peter HutchisonSenior Network Systems SpecialistCommented:
Sorry, my suggestion was for ADFS 2.0, not 4.0. I will see if I can find the files for ADFS 4.0 for you.
0
 
rsnellmanIT ManagerAuthor Commented:
Thanks again Peter.

One last question that came up as I finalize the development of the ADFS 4.0 Sign-In Page.

Is there a way to customize individual login services on the same ADFS 4.0 server/services?

If you have multiple relying party trusts on the same ADFS 4.0 server it creates a drop-down list, but it looks like the customizing of the sign-in page is global and appears the same for actually every sign-in page even if the sign-in pages point to different cloud services/vendors/partners.


Hopefully, I am making sense, if not let me know and I will try to elaborate.


Thanks again.
0
 
Peter HutchisonSenior Network Systems SpecialistCommented:
Good question. To be honest, I do not know. Maybe someone else may help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.