I'm trying to get ADFS 3.0 to perform authentication using a DoD CAC. This smart card carries 3 certificates (encryption, signing, and identification). In a working authentication scenario (not using ADFS), the Windows Security prompt presented by the browser allows a user to specify which of the certificates should be used for authentication (it gives the option of 2, actually, but it does present an option). The "Email" certificate is the one to choose for a successful login, but if the other is selected, the browser will fail to authenticate and present a different Windows Security prompt with the top option being "Use another account" (to perform username/password authentication) and the second option being "Smart card credential" with the option to enter the card's PIN. From here, all is lost... smart card authentication won't happen because the option to select the "Email" certificate is not presented without closing the browser and starting over.

If I try to test my ADFS 3.0 implementation using the IdpInitiatedSignon.aspx page, the second Windows Security prompt is the only one ever presented. I never get the option to select the "Email" certificate, so the attempt to log in loops and never succeeds. How do I get ADFS to offer up the Windows Security prompt that I describe first, where the option to select a certificate is presented? Thanks in advance.