Hi All,
I just set up ADFS on 2012 for SAML2. Unfortunately this was shoved into Production by the department we set this up for without enough testing. We are having an issue I was hoping that you could shed some light on.

Some of our computers are configured to use restricted generic user accounts as a part of an SSO solution we use. These machines have had a Group Policy change pushed to turn off the Internet Explorer "automatically login with current credentials" setting to stop the generic user from logging in automatically through ADFS to our Learning Management System, where these users have no account. Suffice it to say the far end has SAML2 but only in a version 1 fashion, and the generic users can't sign in there. We need them to be prompted to enter credentials on these stations manually. This is working.

However, some of these workstations are placing the hostname of the ADFS server in the username field formatted as the domain. This presents a problem as our users, for the most part, don't and won't pay attention to this and don't want to type the proper domain name into the logon box. If they clear it, authentication fails; they have to specify the domain name if it autofills with the wrong information. Additionally, we are seeing this occasionally for external machines not on the domain.

I have spent many hours googling and looking at TechNet docs but can't find anything. Do you have any suggestions? Thanks in advance.