I want separate claims providers for intranet access and extranet access to my relying party.
For intranet I want Windows authentication, and having configured
Set-AdfsProperties -IntranetUseLocalClaimsProvider $true
and configuring only Windows authentication as the authentication method for intranet, users on the intranet are logged on directly.
However, for extranet access I have configured a custom token provider, and I want this claims provider to be used without users having to choose between the ADFS Active Directory provider and my custom provider.
If I configure
Set-AdfsRelyingPartyTrust -TargetName myRelyingParty -ClaimsProviderName "myCustomProvider"
intranet users are redirected to myCustomProvider regardless of the IntranetUseLocalClaimsProvider setting.
Thus I configure
Set-AdfsRelyingPartyTrust -TargetName myRelyingParty -ClaimsProviderName ("Active Directory","myCustomProvider")
which causes the HRD choose page.
If I configure no extranet authentication methods in the ADFS console, the HRD choose page is still shown and an error
MSIS7104 : The policy does not allow any users from location 'Extranet'
is logged when selecting the ADFS Active Directory provider. Yes, agreed, don't show me the option!
Any ideas how to avoid the HRD choose page for extranet users?