azureautomation / azure-automation-ise-addon

The Azure Automation PowerShell ISE Add-On makes it easy to author and test your runbooks in your local PowerShell ISE
https://www.powershellgallery.com/packages/AzureAutomationAuthoringToolkit/

Logon using an AD FS federated account fails #128

Closed janegilring closed 6 years ago

janegilring commented 7 years ago

Are there any known issues regarding federated accounts when authenticating to Azure in the Azure Automation ISE Addon?

When trying to log on using a federated account we are redirected to the Active Directory Federation Service (ADFS) logon page and presented with the error "An error occured. Contact your administrator".

If we use an Azure AD user which is not synced from on-premise Active Directory and thus not redirected to AD FS it works as expected.

eamonoreilly commented 7 years ago

I have not tested with federated AD so I suspect it won't work. I'll have to see if I can get a federated account and see what the issue might be. Thanks.

janegilring commented 7 years ago

I see, thanks. Let me know if there are any basic things we can check. I haven't tested using an MFA-enabled account, but that should also work natively if you are using ADAL authentication.

michaeljprentice commented 7 years ago

I use it all the time with synced AD accounts via ADFS. Non-MFA account. I haven't tried with MFA enabled.

silverl commented 7 years ago

I use it with ADFS today successfully. However, what doesn't work for us is pass-through authentication. We still have to type in the username and password, even though we're logged into domain-joined workstations and on the same network as the ADFS proxy.

Pass-through authentication does work for things like Azure Portal, Azure Storage Explorer and Visual Studio. Pass-through does not work for ISE Add-on and SQL Server Management Studio.

It's odd. I've tried to figure out why, but cannot. Whatever container is being used to prompt for credentials may either not be capable of doing the necessary auth negotiations, or is not configured properly.

eamonoreilly commented 6 years ago

I added pass through authentication with commit https://github.com/azureautomation/azure-automation-ise-addon/commit/959f6ade82857a929de1d14a7c000dd545732c9e and it seems that ADFS is working for most people so I'm going to close this issue. Please reopen if there is still an issue with the latest build. Thanks, Eamon