KB No. 09: Using a .fr email address on the ADFS portal
This article provides step-by-step instructions on how to use a .fr or .com email address on the ADFS (IDP) login portal for Olfeo SaaS authentication.
Background
If your users' UPN suffix, or simply your Active Directory domain, is .local, the ADFS web login portal that appears when you first navigate to it requires users to log in with a .local address (example: alfred.dupont@monentreprise.local).
In most cases, you want users to be able to log in with an email account: alfred.dupont@monentreprise.fr.
Steps
- The first step is to create a custom web theme. A quick method is to export the default web theme, then use the original code as a basis for your customizations. Run the following cmdlet to create a custom web theme by duplicating the default web theme:
New-AdfsWebTheme -Name custom -SourceName default
- The next step is to export your custom web theme so that you have an onload.js file that you can update. Run the following cmdlet to export your custom web theme and generate an onload.js file:
Export-AdfsWebTheme -Name default -DirectoryPath c:\theme
- You can then add this piece of JavaScript code to the file c:\theme\script\onload.js:
    if (typeof Login != 'undefined') {
        Login.submitLoginRequest = function () {
            var u = new InputUtil();
            var e = new LoginErrors();
            var userName = document.getElementById(Login.userNameInput);
            var password = document.getElementById(Login.passwordInput);
            // Replace the last label of the domain (.fr, .com) with .local, so that
            // alfred.dupont@monentreprise.fr is submitted as alfred.dupont@monentreprise.local.
            // Splitting on the first dot would cut a dotted user name down to "alfred".
            var userNameValue = userName.value.replace(/(@[^@]*)\.[^.@]+$/, '$1.local');
            document.forms['loginForm'].UserName.value = userNameValue;
            if (!password.value) {
                u.setError(password, e.passwordEmpty);
                return false;
            }
            document.forms['loginForm'].submit();
            return false;
        };
    }
- After adding your customizations, you must update the AD FS web theme to use your onload.js file instead of the original onload.js file. Run the following cmdlet to set your onload.js file as the target for web theme definitions (from Windows Server 2016 onwards; for previous versions, see: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/advanced-customization-of-ad-fs-sign-in-pages#change-target-onloadjs-file):
Set-AdfsWebTheme -TargetName custom -OnLoadScriptPath "c:\theme\script\onload.js"
- The final step is to apply your customizations to the AD FS sign-in pages. Run the following cmdlet to update AD FS with your customizations:
Set-AdfsWebConfig -ActiveThemeName custom
You can then log in to the ADFS IdP with the username albert.dupont@monentreprise.fr.
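The user-name rewrite from the onload.js step, as an added example that is not part of the original article or of AD FS: it goes beyond the single .fr case by mapping only explicitly listed mail suffixes and leaving every other login form (DOMAIN\user, an address already in .local, unknown domains) unchanged. The helper name `toLocalUpn` and the `SUFFIX_MAP` table are assumptions; the domains are the article's sample values.

```javascript
// Added example: hypothetical helper for onload.js, not shipped with AD FS.
// Public mail suffix -> internal UPN suffix (sample values taken from the article).
const SUFFIX_MAP = {
  'monentreprise.fr': 'monentreprise.local',
  'monentreprise.com': 'monentreprise.local'
};

function toLocalUpn(input) {
  const value = String(input || '').trim();
  // DOMAIN\user logins carry no mail suffix: submit them as typed.
  if (value.indexOf('\\') !== -1) return value;
  const at = value.lastIndexOf('@');
  // No "@", empty user part or empty domain part: nothing to rewrite.
  if (at <= 0 || at === value.length - 1) return value;
  const user = value.slice(0, at);
  const domain = value.slice(at + 1).toLowerCase();
  // Rewrite only suffixes listed explicitly, so a typo or a foreign domain
  // is never silently turned into a valid internal account name.
  if (!Object.prototype.hasOwnProperty.call(SUFFIX_MAP, domain)) return value;
  return user + '@' + SUFFIX_MAP[domain];
}

// Wiring on the sign-in page: rewrite the field, then call the original handler
// so its own user-name and password checks still run. Skipped outside the browser.
if (typeof Login !== 'undefined' && typeof document !== 'undefined') {
  const originalSubmit = Login.submitLoginRequest;
  Login.submitLoginRequest = function () {
    const field = document.getElementById(Login.userNameInput);
    field.value = toLocalUpn(field.value);
    return originalSubmit.apply(this, arguments);
  };
}
```

The rewrite runs in the browser and is a convenience only: AD FS still authenticates whatever user name is finally submitted, so it adds no access control of its own.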