A few weeks ago, I added my OneDrive for Business account, which authenticates via ADFS, to the OneDrive mobile app on my Android phone without any trouble at all. Today, while at the office, I tried to access the same account and got a very unhelpful error:
Since I’d had this working before, I disconnected from our corporate Wi-Fi and tried again, and it worked.
This is where it helps to understand ADFS communication paths and authentication configuration. Typically, the internal DNS name for the ADFS service resolves directly to the ADFS server, so traffic from inside the corporate network does not pass through the ADFS proxy at all, while clients outside the network reach the proxy.
Once you understand that, the solution is pretty clear. Let’s start by taking a look at how the ADFS server is configured for authentication. In the ADFS Management MMC, select “Authentication Policies” and look at Primary Authentication:
You’ll notice that Extranet (through the ADFS proxy) and Intranet (direct to the ADFS server) have different methods selected. Since Extranet access works, it’s safe to assume that we just need to add Forms Authentication to the Intranet authentication method:
Once that’s done, my OneDrive app on my Android device is able to prompt for authentication, and I’m able to sign in.
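The same check and fix can be done from PowerShell instead of the MMC. This is an added example, not from the original post; it assumes ADFS 2012 R2 or later, an elevated session on the ADFS server with the ADFS module available, and a placeholder federation service name adfs.example.com.

```powershell
# Added example: inspect and correct the ADFS primary authentication policy.
# Assumes ADFS 2012 R2+ and an elevated session on the ADFS server.
Import-Module ADFS

$policy = Get-AdfsGlobalAuthenticationPolicy

"Extranet (via proxy): $($policy.PrimaryExtranetAuthenticationProvider -join ', ')"
"Intranet (direct):    $($policy.PrimaryIntranetAuthenticationProvider -join ', ')"

# Set-AdfsGlobalAuthenticationPolicy replaces the whole provider list, so start
# from the existing intranet providers (typically WindowsAuthentication, which
# gives domain-joined clients SSO) and only add what is missing.
$intranet = @($policy.PrimaryIntranetAuthenticationProvider)

if ($intranet -notcontains 'FormsAuthentication') {
    $intranet += 'FormsAuthentication'
    Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider $intranet
    "Added FormsAuthentication to the intranet policy."
} else {
    "Intranet policy already includes FormsAuthentication; nothing to do."
}

# Verify the change took effect.
(Get-AdfsGlobalAuthenticationPolicy).PrimaryIntranetAuthenticationProvider

# Confirm which host a client on the corporate network reaches for the
# federation service name (placeholder name; substitute your own). If this
# returns the ADFS server's address rather than the proxy, the intranet
# policy above is the one that applies to on-site clients.
$fsName = 'adfs.example.com'
Resolve-DnsName -Name $fsName -Type A | Select-Object Name, IPAddress
```

Run this on one node of the farm; the global authentication policy is farm-wide, so it does not need to be repeated on each server.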
Shane Skriletz, PEI