Hi guys,
We have ADFS 2.0 running on 2008r2. We are about to change an ADFS-SAML connection with one of our relying partners so that only users from a specific internal AD group will be allowed to authenticate to the relying partner. We have the Issuance Authorization rule ready to apply, but does anyone know what happens to our users that do not meet the criteria in the rule? I know they are denied access, but where? I was guessing our users would start off getting bounced back to us for authentication, they still can authenticate with us, but they are not given a token and thus given a denied access by the relying partner? If someone could let me know how that works, I would appreciate it.
Thanks,
Dan
Dan Heim