IT Infrastructure 005: ADFS, Custom Sign-On Page

Once you have your ADFS up and running, you can go on to customise the sign-on page (default URL is https://servername.yourdomain/adfs/ls/IdpInitiatedSignOn.aspx ). It will be helpful for you to first understand how the page is constructed.

login screen

ADFS default sign-on page. Source


How it works

Residing on the ADFS server, there is a group of resources called the web theme. The various components within the web theme determines the look and feel of your sign-on page, and therefore you have to identify and modify those resources that you wish to change.

Unlike previous versions of ADFS, where the page is hosted on an Internet Information Server (IIS) and the resources can be easily modified, with the new ADFS version 3, you will need to make use of Powershell cmdlets to make all the changes. Firstly, you will need to export the web theme from the system, next you will edit the theme resources to your liking, and finally import the changes into the system.

There is a family of Powershell cmdlets for you to modify the sign-on page without any coding, but if you would like to have more freedom over the customisation, take note of the following web theme resources:

The following are brief descriptions of the scripts required. View them on github.

onload.js
This is the Javascript file that will be executed every time the sign-on page loads. This script allows you to modify HTML elements of the sign-on page. Use developer tools in your browsers to study the HTML file of your sign-on page and identify the elements you would like to change. In my example, I have removed certain elements that I do not want my users to see, as well as added my own welcome message for the page.

style.css
This is the Cascading Style Sheet (CSS) file used by the server to format your sign-on page. It is divided into three segments of styles, the theme styles, the common styles, and the form factor styles. You should study the file carefully before editing the styles. Based on Microsoft Technet, it is a best practice not to modify the theme styles as they are used across all pages. In my example, I have changed the colour of the buttons, as well as hidden the Microsoft copyright.

Instead of keying in the Powershell cmdlets for every single changes, you can create a Powershell script that can automate this process for you. The following is a simple script that I have been using. Whenever I modify any of the resources, I can conveniently run this script to import those changes into the system.

### This is a powershell script to update ADFS sign-on portal.
### Create this directory "c:\sso_theme\" and place this script in it.
### To run, please type the following command in powershell:
### & "c:\sso_theme\runtheme.ps1"

### Please make sure to first set the active theme as "custom1" by running the following commands:
# New-AdfsWebTheme -Name custom1 -SourceName default ##clones a new theme named "custom1" from the default theme
# Set-AdfsWebConfig -ActiveTheme custom1 ##sets the theme "custom1" as the active theme

### You can also export the theme to modify:
# Export-AdfsWebTheme –Name custom –DirectoryPath c:\theme

### You can freely modify style.css, onload.js, the logo and the illustration of the sign-on portal
### Once done, the following commands will update the theme:
Write-Host "Updating theme custom1 ..."
Set-AdfsWebTheme -TargetName custom1 -StyleSheet @{path="c:\sso_theme\style.css"}
Set-AdfsWebTheme -TargetName custom1 -Logo @{path="c:\sso_theme\logo.png"}
Set-AdfsWebTheme -TargetName custom1 -Illustration @{path="c:\sso_theme\image.png"}
Set-AdfsWebTheme -TargetName custom1 -AdditionalFileResource @{Uri="/adfs/portal/script/onload.js"; path="c:\sso_theme\onload.js"}
Write-Host "Customisation completed!"

Additional Information:

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s