Dec 20

Written by:
Tuesday, December 20, 2016 8:56 PM 

You have a Visual Studio (VS 2013 in my case) connected to Azure by an account of the “gibel.net” domain.

At the beginning, this is a “normal” managed domain and everything works fine.

Then you convert this domain by the following PowerShell (msonline / azure module necessary) cmdlet to a “federated” domain

Convert-MsolDomainToFederated –DomainName gibel.net

Now you have the advantage that when you login to the Office 365 portal  “http://portal.office.com” by Internet Explorer from a domain joined PC with a “@gibel.net” Enterprise Account (Synchronized by Azure AD Connect from On Premis AD to Azure AD) you don’t have to login again! SSO is working when you have added your On Premise federation service URL to the “Local intranet” zone.

 

You are automatically redirected to the On Premise ADFS (published by ADFS proxy) authenticated and signed in.

But after changing the domain to “Federated”, the connection from Visual Studio to Azure doesn’t work any more!

The follwoing ADFS error (Fehler) page is presented:

 

What’s the solution to get this working again?

Open your on premise ADFS mmc snapin and switch to “Authentication Policies”

<Edit> the “Global Authentication Policy” and in the Intranet section select “[x] Forms Authentication” too.

This is the end result:

When you connect againg from Visual Studio you get the ADFS – Form Authentication where you can enter your username / password

Now you are connected and can see your Webapplication in the Ressourcegroup (RG01) for example.

It’s no single sign on but it work’s again!