Good day. We have set up a Relying Party Trust and all is working fine for authentication to the partner website. However, I'm getting varying behavior during authentication depending on the browser, specifically IE.
This is our first foray into ADFS so we only have a single claims provider, our Active Directory. So I'm assuming that Home Realm considerations are not a factor in our environment.
Right now, in IE I am currently forced to use the "Down-Level Logon Name" format, that is domain\username. In any other browser, on any platform, I can simply use username. UPN will also work in IE but unfortunately in our environment the UPN is not in a format familiar to the staff (ie not the same as the email address) so it is not a good option.
I can see in the web.config for adfs/ls that local authentication types has integrated at the top of a list that also includes forms, tls, and basic. Would adjustment of this order have any effect?
Based on what you can tell from our environment, what might my options be to allow login using only username when browsing using IE?