stevenha

Exchange and Office365 Adventures from the world of Microsoft Premier Field Engineering

Customizing the ADFS forms based login page

Customizing the ADFS forms based login page

  • Comments 35
  • Likes

By default, the ADFS forms based login page supplied by an ADFSProxy server is a best pretty boring and at worst inaccurate.

Out of the box, it looks like this:

Wouldn't it be nice to:

  • Add some pretty logos?
  • Correct that Domain\username example so it show UPN format?
  • Change the instruction text?
  • Give the page a better title than "Sign In"?
  • Remove or change that hostname header above the login box?
  • Add an "Authorized Use" text block at the bottom to keep the lawyers from bugging you?

     

 

Well, if you agree, today is your lucky day!

Please, keep in mind that it is quite possible (likely even) that some of the changes I describe below will be overwritten when you apply any update to ADFS. Make sure you:

  1. Back up your original files, in case you need to revert to the stock config
  2. Have backup copies of your changes, in case they get stomped on by an update.
  3. Understand that you may have to re-do your changes after an update as the underlying files may change.

 

These instructions are applicable to ADFS 2.0 with update rollup 2. I have not tested this with any other past or future version.

Having covered all necessary behinds…on with the show

 

Adding a Logo

  • Logo image file should be 600x100
  • Save image file to c:\inetpub\adfs\ls\logo.jpg (or logo.png)
  • Open c:\inetpub\adfs\ls\web.config in notepad
  • Locate text
    <!--
    <add key="logo" value="logo.jpg" />
    -->
  • Remove the "<!--" and "-->" to uncomment the section. Change filename to match the logo you saved.
  • Save file and close


Change the "Example" Instructions

  • Go to C:\inetpub\adfs\ls\App_GlobalResources
  • Edit file CommonResources.en.resx in Notepad (replace the "en" with your localization code if not English)
  • Locate text:
    <data name="UsernameExample" xml:space="preserve">
    <value>Example: Domain\Username</value>
    </data>
  • Edit this text to be what you want
  • Save File and close

Change the Instruction Text

  • Edit CommonResources.en.resx in Notepad as per item above
  • Locate text:

    <data name="FormsSignInHeader" xml:space="preserve">

    <value>Type your user name and password.</value>

    </data>

  • Edit this text to be what you want
  • Save file and close

Change the Page Title

  • Go to C:\inetpub\adfs\ls\App_GlobalResources
  • Edit file CommonResources.en.resx in Notepad
  • Locate text:
    <data name="FormsSignInPageTitle" xml:space="preserve">
    <value>Sign In</value>
    </data>
  • Edit this text to be what you want
  • Save File and close

     

     

Remove or Change the Hostname Header Above the Login Box

  • Go to C:\inetpub\adfs\ls\MasterPages
  • Edit MasterPage.master.cs in Notepad
  • Locate text:
    {
    PageTitleLabel.Text = Page.Title;
    STSLabel.Text = FriendlyName;
    }
  • Change this text to what you want. Your text MUST BE IN QUOTES. Like this
    STSLabel.Text = "Contoso Limited Single Sign On";
  • Save File and close

     

Add an "Authorized Use" disclaimer or other text at bottom of page

 

  1. Go to C:\inetpub\adfs\ls\MasterPages
  2. Open MasterPage.Master in Notepad (not MasterPage.Master.cs)
  3. Locate text at the end of the file:
    <div class="MainActionContainer">
    <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
    </asp:ContentPlaceHolder>
    </div>
    </div>
    </form>
    </body>
    </html>
  4. Add a section here (added text hightlighted):
    <div class="MainActionContainer">
    <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
    </asp:ContentPlaceHolder>
    </div>
    <div class="GroupLargeMargin">
    <div class="TextSizeLarge">
    <asp:Label ID="STSFooter" runat="server"></asp:Label>
    </div>
    </div>

    </div>
    </form>
    </body>
    </html>
  5. Save file and close
  6. Edit file MasterPage.Master.cs in Notepad
  7. Locate text:
    protected void Page_Load( object sender, EventArgs e )
    {
    PageTitleLabel.Text = Page.Title;
    STSLabel.Text = FriendlyName;
    }
  8. Add a line (added text highlighted)
    protected void Page_Load( object sender, EventArgs e )
    {
    PageTitleLabel.Text = Page.Title;
    STSLabel.Text = FriendlyName;
    STSFooter.Text = "This is a secured, private computer system owned by Contoso. All Information contained on this system is deemed to be PRIVATE, PROPRIETARY, CONFIDENTIAL and the property of Contoso, Inc., its affiliates, divisions or subsidiaries. Unauthorized access or use is strictly prohibited. Any use of Contoso resources must be in compliance with Contoso policies including Electronic Mail/Communication; Information System Usage; Corporate Disclosure; Unauthorized Use of Software and the Code of Business Ethics. By using Contoso resources, you agree to comply with Contoso policies. Any unauthorized access to or use of Contoso Resources may be punishable in a court of law and may include termination of employment or contract with Contoso.<br>To protect your account from unauthorized access, Outlook Web Access automatically closes its connection to your mailbox after a period of inactivity. If your session ends, refresh your browser, and then log on again.";
    }
  9. This text is all on one line. If you need or want a linefeed in the text use <br>, like here.
  10. Save file and close

 

 

These are just a few of the theme elements you can fiddle with on the ADFS Proxy form. As you play with these, you will see other text tidbits you may want to adjust. Just be certain to follow my warnings and back everything up before and after your fiddling.

 

Steve

Comments
  • Thanks -- this is very helpful!

  • Sweet !!!!!!!!!

  • This has been a great help to us.....do you know how I can make text that is in the disclaimer to be a hyperlink? thanks again.....

  • The disclaimer is in HTML format, so you could add a hyperlink anywhere in the text block.  Like this:

    <a href="www.contoso.com/privacy.htm">View our full privacy policy online</a>

  • Great post - I'm trying to add HTML to the disclaimer (inserting Image source tag and some font tags) but the page generates an error.  It seems to be related to using double quotes - perhaps it breaks quoted bounds of the STSFooter.Text from your example.

    Has anyone been successful at adding an image source or a link href tag to the disclaimer?  How did you accomplish this?

    Any ideas?

  • Thanks - this is very useful.

    One question, Is it possible to dynamically display the target application name in the login page?

    Say if ADFS is used by multiple applications, when the form is displayed to the user, it would be nice to say which application they are required to login for.

  • Thanks for the info provided. \m/

  • I've been trying to implement a custom sign in page for a while - these concise and accurate instructions helped me resolve it in very short order. Brilliant, many thanks.

  • for adfs can we provide access control on the list of relying parties thats shown?

  • can anyone please help

  • meaning can i log into the idp and only get a list of applictions that i am allowed to see?

  • current adfs shows ALL relying parties configured against it, disregarding my logo access, can we have access control on the list in anyway?

  • Kevin, That question goes beyond my scope of knowledge.  Please check out the ADFS 2.0 content map: social.technet.microsoft.com/.../2735.ad-fs-2-0-content-map.aspx

    You may find an article there.

  • Hello Steve and everybody else :-)

    I have tried to create a new separate "AD FS Terms of Use" page in ASP.NET and put it in C:\Inetpub\adfs\ls with the rests of the AD FS files. It's a very simple page and it works in Visual Studio but not on my ADFS 2.0 CU2 server. I finally managed to create a "AD FS Terms of Use" by copying the idpinitiatedsignon.aspx page, renaming it to tou.aspx and commenting out almost all the code it originally contained and adding my own (I also made a copy of idpinitiatedsignon.aspx.cs and renamned it tou.aspx.cx and added a method to handle a simply Close page button). The page works great with the original content being commented out so I thought that since it's commented out and not in use I might as well remove it but then the page fails to load. What I cannot understand is why it works when the orignial ASP.NET code is simply commented out but not when it's removed. If it's commented out it's not in use right so what is the difference? Is there some mechanism that checks the aspx files for original "AD FS" content in order for them to work?

    Best Regards

    Robert

  • Hi Steve,

    Adding an hyperlink is not working as expected. After putting the <a href="www.contoso.com/privacy.htm">View our full privacy policy online</a>  inside the test block,  I am only getting a blank page.

    Anyways, Thanks a lot for the detailed post. Helped me a lot.

    Cheers

    Shaba

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment