Does Windows SSO work with ADFS 2016 for OIDC Web Application?

Question

Our web application uses OpenID-Connect (OIDC) Implicit Flow for user login with ADFS 2016. Login generally works, however users get login screen for user name and password.

Does Windows-Login / SSO (kerberos?) work with such setup so users don't get login screen but are automatically logged in with their windows login?

If so, what are requirements for SSO (kerberos?) to work for such setup? What would be first steps to trouble-shoot why login screen is shown?

No that is for application authentication. – Greg Askew Dec 06 '21 at 15:50 — Greg Askew, Dec 06 '21 at 15:50

score 0 · Answer 1 · answered Dec 07 '21 at 14:21

It turns out Windows Integrated Authentication (WIA) indeed works when OIDC web application is connected to ADFS via Implicit Flow.

In our specific case following was missing:

host was not recognized as located on Intranet.
Browser was not recognized as a supported one, even though it was Edge. See https://stackoverflow.com/questions/32053243/adfs-sso-saml-windows-integrated-authentication-does-not-work for a solution.

Does Windows SSO work with ADFS 2016 for OIDC Web Application?

1 Answers1