Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS 2.0 & TMG - Multiple Login Prompt Issue


Hi All,

We are having an issue federating with a new partner. In the past we have had no issues with the federation partners we have set up, but this one seems a bit different. We have an ADFS 2.0 farm, but instead of an ADFS proxy we are using TMG.

This is an SP-initiated federation (WS-Federation), so we first browse to the external application URL and the request is then redirected to our ADFS environment, as it should be. This is where the issue occurs. The user is asked to log in when the request hits the TMG server (forms based); that is normal behaviour. Once the user enters their credentials and logs in at the TMG level, I would then expect these creds to be passed to ADFS to authenticate the user. The issue is that the user is then prompted to authenticate for a 2nd time when the request reaches our ADFS. Once the user enters the creds (the same creds as the TMG login), they are then redirected to the external application and logged straight in. My issue is that I cannot work out why TMG does not seem to be passing the creds to the ADFS servers to authenticate the user automatically.

We have Office 365 set up, which has the same kind of config, e.g. you go to the external site and are redirected to log in at TMG, but the difference is you only need to log in once; this appears to authenticate the user automatically in ADFS and build the token.

I'm not sure if it is a TMG rule I am missing, but I can't really play around with this as it may break Office 365. Apart from this, all our other federations are IdP, so they work in a different way without issue.

Let me know if you need me to provide any more information.

Thanks

