Customizing ADFS 3.0 Sign-in Page


Introduction

In ADFS 3.0 (aka ADFS in Windows Server 2012 R2), customization of the sign-in page is quite different from earlier versions of ADFS. This post gives an overview of sign-in page customization in ADFS 3.0.

Customization Options

ADFS 3.0 has no dependency on IIS, so IIS is not present on an ADFS 3.0 server. As a result, there are no .aspx or .master pages in the file system that you can edit directly to apply the customizations you need.

In ADFS 3.0, all customization is done with PowerShell commands, and the customizations are stored in the ADFS configuration database instead of the file system. The advantage is that there is no need to update files on individual ADFS instances in a farm. Run the PowerShell commands once and the customizations are reflected on all ADFS instances in the farm.

Figure: General Sign-in page ADFS 3.0

There are two options for customizing the sign-in page.

Customizing Logo, Footer Links, Sign-in description using PowerShell commands

  • PowerShell commands for customizing individual parts of the sign-in page are documented in the Microsoft TechNet article: https://technet.microsoft.com/en-in/library/dn280950.aspx
  • Though these PowerShell commands give you a quick way to customize logos and descriptions, sometimes you might need to customize the entire theme of the sign-in page by applying new styles.
  • I had a similar requirement to completely change the look of the sign-in page. As we don’t have much control with this option, I used the second option: using Custom Web Themes to customize the sign-in page.

Custom Web Themes

This option gives you much more control, since you now control the CSS and JavaScript files used in the sign-in page. The final sign-in page after applying the custom web theme looks as below.

Figure: ADFS 3.0 Sign-in page after applying custom web theme

A custom web theme allows us to customize the CSS style sheet, logos, and JavaScript file that are used to build the sign-in page. Below is the procedure to build a custom web theme.

  1. Export the files used in the default web theme, which ships out of the box with ADFS.

            Export-AdfsWebTheme -Name default -DirectoryPath c:\custom-theme

  2. Create a new theme based on the default theme and name it as you like (e.g. custom-theme).

            New-AdfsWebTheme -Name "custom-theme" -SourceName default

  3. Now edit the files exported in step 1. You can edit style.css and onload.js, and add images. The theme folder structure is as below:

            ThemeRoot
                |-css
                    |-style.css
                    |-style.rtl.css
                |-images
                    |-logo.png
                |-script
                    |-onload.js

  4. After modifying the logo, apply it to custom-theme using the PowerShell command below.

            Set-AdfsWebTheme -TargetName "custom-theme" -Logo @{Locale="";path="C:\custom-theme\images\logo.png"}

  5. After modifying the style sheets (style.css and style.rtl.css), apply them to the new theme.

            Set-AdfsWebTheme -TargetName "custom-theme" -StyleSheet @{Locale="";path="C:\custom-theme\css\style.css"} -RTLStyleSheetPath "C:\custom-theme\css\style.rtl.css"

  6. After modifying the JavaScript file (onload.js), apply it to the new theme.

            Set-AdfsWebTheme -TargetName "custom-theme" -AdditionalFileResource @{Uri="/adfs/portal/script/onload.js";path="C:\custom-theme\script\onload.js"}

  7. Finally, activate the new custom theme in ADFS to start seeing the changes.

            Set-AdfsWebConfig -ActiveThemeName "custom-theme"

  8. If you are not satisfied with the changes, update the files again and apply them to custom-theme as described in the steps above.
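Because the theme lives in the ADFS configuration database rather than on disk, the files in C:\custom-theme do not show what the farm is actually serving on the page where users type their credentials. The script below is an added example, not part of the original post: it exports the active theme and compares SHA-256 hashes against the reviewed source folder. The scratch export folder, the helper function names, and the expectation that exported files are byte-identical to the ones applied are assumptions of this example.

```powershell
# Added example: compare the theme ADFS is serving with the reviewed source files.
# Run on an ADFS server as an ADFS administrator (PowerShell 4.0 or later).
$ReviewedPath = 'C:\custom-theme'   # edited theme folder from the steps above
# Assumed scratch location for the export; any empty folder works.
$ExportPath   = Join-Path $env:TEMP ('adfs-theme-' + (Get-Date -Format 'yyyyMMddHHmmss'))

function Get-ThemeFileHashes {
    param([Parameter(Mandatory)][string]$Root)
    # Map each file's path relative to $Root (lower-cased) to its SHA-256 hash.
    $rootFull = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    $map = @{}
    Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($rootFull.Length + 1).ToLowerInvariant()
        $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    $map
}

function Get-FileStatus {
    param([hashtable]$Reviewed, [hashtable]$Served, [string]$File)
    if (-not $Served.ContainsKey($File))     { return 'MissingFromActiveTheme' }
    if (-not $Reviewed.ContainsKey($File))   { return 'NotInReviewedSource' }
    if ($Served[$File] -ne $Reviewed[$File]) { return 'Changed' }
    'Match'
}

# Export whatever theme is active right now from the configuration database.
$active = (Get-AdfsWebConfig).ActiveThemeName
New-Item -ItemType Directory -Path $ExportPath | Out-Null
Export-AdfsWebTheme -Name $active -DirectoryPath $ExportPath

$reviewed = Get-ThemeFileHashes -Root $ReviewedPath
$served   = Get-ThemeFileHashes -Root $ExportPath

# One row per file seen on either side, with its comparison result.
$allFiles = @($reviewed.Keys) + @($served.Keys) | Sort-Object -Unique
$report = foreach ($file in $allFiles) {
    [pscustomobject]@{
        File   = $file
        Status = Get-FileStatus -Reviewed $reviewed -Served $served -File $file
    }
}
$report | Format-Table -AutoSize

$drift = @($report | Where-Object { $_.Status -ne 'Match' })
if ($drift.Count -gt 0) {
    Write-Warning "Active theme '$active' differs from $ReviewedPath in $($drift.Count) file(s)."
}
```

A `Changed` or `NotInReviewedSource` row for script\onload.js is the one to investigate first, since that script runs in the sign-in page.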

  

Comments (18)

  1. Manoj Choudhari says:

    Thanks.  This was really helpful.

  2. Sai Abhilash says:

    Really nice post. Helped me a lot. Thank you.

  3. Jay says:

    This is good. Helpful.

  4. Hari kishan T says:

    Thanks Sampath.. Your post is really helpful to me and gave me a great relief to all the problems that I was facing in my project. Cheers!!

  5. MC says:

    Is there a way to have multiple custom login pages? We have different external applications and each needs to have different branding

    1. ivan says:

      I know this post is super late, but figured I would post it anyway. Not sure if you are asking whether each RP can have its web theme. If yes, then this is possible in Windows Server 2016. https://technet.microsoft.com/itpro/powershell/windows/adfs/set-adfsrelyingpartywebtheme

  6. Paul says:

    I have the same question as MC. Is this possible?

  7. @ MC, Paul – No, we can't have multiple custom login pages with Active Directory being the claims provider. The alternative is to use a custom claims provider with its own login page.

  8. Imran says:

    How did you change someone@example.com to domain\username?

  9. Sampath Kumar Kamati says:

    I have changed someone@example.com to domain\username by using the JavaScript code in the onload.js file. Below is the code:

    // Code to change "someone@example.com" placeholder in userName input text box.
    var userNameInputTextBox = document.getElementById('userNameInput');
    if (userNameInputTextBox) {
       // The backslash must be escaped inside a JavaScript string literal.
       var placeholderText = 'Domain\\Username';
       if (userNameInputTextBox.placeholder)
           userNameInputTextBox.placeholder = placeholderText;

    1. Joseph says:

      This code is not compatible with the one published by Microsoft here (under example 2):

      https://technet.microsoft.com/en-us/library/dn636121.aspx

      Do you know if there is a way to get the overall look and feel you got, while at the same time have example 2 working?

      1. Justin Grote says:

        Joseph,

        The problem with the code above is it is missing a trailing }. If you add that at the end it works fine.

        Recommend you use Chrome after implementing the onload.js and hitting F12. It will tell you all the JavaScript errors that may be occurring and where, and is invaluable when implementing these kinds of customizations.

  10. Manju says:

    Is this customization (Custom Web Themes ) available for cloud also?

  11. iamme says:

    Typo on step #4 cmd.

  12. Payam Zare says:

    I want to change the copyright text at the bottom of the page. Please help me to change that text.

  13. Ken Watts says:

    Can you provide the sources (css/js/png) that you used in this example? That would be helpful in determining how you re-positioned the logo and text boxes. Thanks!

  14. Mike Smith says:

    I’m trying to use the onload.js modifications:

    // Sample code to change "Sign in with organizational account" string.
    // Check whether the loginMessage element is present on this page.
    var loginMessage = document.getElementById('loginMessage');
    if (loginMessage)
    {
        // loginMessage element is present, modify its properties.
        loginMessage = 'Sign in with your email account';
    }
    // Code to change "someone@example.com" placeholder in userName input text box.
    var userNameInputTextBox = document.getElementById('userNameInput');
    if (userNameInputTextBox) {
        var placeholderText = 'email.address@mydomain.com';
        if (userNameInputTextBox.placeholder)
            userNameInputTextBox.placeholder = placeholderText;

    I update it in the custom theme I made in c:\theme

    PS C:\Windows\system32> Set-AdfsWebTheme -TargetName custom -AdditionalFileResource @{Uri="/adfs/portal/script/onload.js";path="C:\theme\script\onload.js"}
    PS C:\Windows\system32> Set-AdfsWebConfig -ActiveThemeName "custom"

    I can see my code in the view source, but the dang elements didn’t change.

    Hoping you may have some insight. I changed it back to “default” theme for now.

    1. Can you check if there are any JavaScript errors in the browser’s console window? I suspect the first code block in which you are trying to alter the login message. You are assigning a string value to the element, which I guess is not allowed.

      The below lines should be used to alter the loginMessage:

      // Code to change "Sign in with organizational account" string.
      // Check whether the loginMessage element is present on this page.
      var loginMessage = document.getElementById('loginMessage');
      if (loginMessage) {
          // loginMessage element is present, modify its properties.
          loginMessage.innerHTML = 'Sign in with your email account';
      }

  15. Radoslaw says:

    Is there any way to check some AD account properties after bind to AD, then perform custom logic on server side and finally proceed with logon or just deny (depending on properties of the user AD account)? Previously it was possible to modify server side aspx logon page. Now it seems to be impossible.
