In my last article, I talked about how to get CRM IFD to work with ADFS 3.0 (i.e., the version installed on Windows Server 2012 R2). That article will get you up and running, but only at the default, bland logon page. What if you want something customized to your organization? Fortunately, this is fairly easy to do.
The biggest thing to understand is that ADFS no longer uses IIS for the pages. So, you cannot customize the look and feel by simply editing a config file.
That being the case, how do you get from this:
To this?
It’s actually simpler than expected.
I only made a few simple changes, all via PowerShell from the ADFS server.
Let me break them down, one by one:
1 |
Import-Module ADFS |
This simply adds the ADFS commands to PowerShell. It’s necessary so the rest can run.
1 |
Set-AdfsGlobalWebContent –CompanyName "eimagine" |
This sets the name that is listed above the logon form. Alternately, you can set a logo instead – for that, you would use the command below, changing the path to point to the correct logo:
Set-AdfsWebTheme -TargetName default -Logo @{path=”c:\Contoso\logo.png”}
1 |
Set-AdfsWebTheme -TargetName default -Illustration @{path="c:\CRM-background.png"} |
This sets the “illustration” – the image to the right of the sign-in form. Just change the path from “c:\CRM-background.png” to the path to your image. Microsoft recommends the dimensions for the illustration to be 1420×1080 pixels @ 96 DPI with a file size of no greater than 200 KB.
1 |
Set-AdfsGlobalWebContent -SignInPageDescriptionText "<P><B>Sign-in requires format EIMAGINE\username.</B></P>" |
This inserts the text right below the sign-in screen – it uses basic HTML for formatting. Simply type whatever text you want between the quotation marks.
And that’s it! Just a few simple changes and you have your custom ADFS 3.0 logon page!
There are plenty more options to customize ADFS 3.0 as well – you can find them on Microsoft’s TechNet page on Customizing ADFS Sign-in Pages.
Have questions or issues with your Dynamics CRM? We can help!
Can we remove @ 2013 Microsoft from footer?
Unfortunately, that seems to be outside the realm of the ‘easy’ changes in PowerShell I outlined above and at the TechNet link above.
You’d probably need to edit the onload.js file, which does require JavaScript scripting knowledge; see here for more information: TechNet Advanced Customization of AD FS Sign-in Pages
Steps to remove the copyright, hope it helps.
1. New-AdfsWebTheme –Name “ThemeName” –SourceName default
2. Export-AdfsWebTheme -Name custom -DirectoryPath C:\SomeFolder
3. Modify the “Style.css” and modify the #copyright class
4. Something like this: #copyright {display:none;}
5. Apply the new theme
Set-AdfsWebTheme -TargetName “ThemeName” -StyleSheet @{locale=””;path=”C:\SomeFolder\css\style.css”}
6. Activate the new theme: Set-AdfsWebConfig -ActiveThemeName “ThemeName”
Is there a way to modify the copyright text at the footer?
I tried editing the style.css file but don’t we need a corresponding html file to add the footer text?
Can we get the username file pre-selected, its an ask from one of my client that Username filed should be auto selected, so that user can just start typing his username.
Hi Arvind! If you mean having the username field pre-selected, that is based on the browser. When using Internet Explorer on the three active ADFS logon pages I have currently, the username field is always selected with the cursor in it when the page loads. If you are not using Internet Explorer, you may need to research the browser you are using.
So, here’s one I can’t find the answer to: what if I want to get rid of the illustration section altogether? In other words, I don’t want any images. I simply want to center my sign-in box on a plain while background. How do we do that?
Hi DJ, in order to do that you will need to create a new custom web theme for the sign in page as outlined near the bottom of the page here: http://technet.microsoft.com/en-us/library/dn280950.aspx
How do I reset the Illustration pane back to the default?
Is there a way to remove the domain from the username where the person only needs to supply their username? for example on the login page the user needs to enter domain\username and we want the user to only enter their username. I know this will be an issue when with federation by removing the scope but I am looking for a way to have it default to a domain if one is not provided.
Copy default theme to custom, export the default theme, edit onload.js with the following code (edit YORIDOMAIN), then upload to your custom theme, activate your custom theme.
if (typeof Login != ‘undefined’){
Login.submitLoginRequest = function () {
var u = new InputUtil();
var e = new LoginErrors();
var userName = document.getElementById(Login.userNameInput);
var password = document.getElementById(Login.passwordInput);
if (userName.value && !userName.value.match(‘[@\\\\]’))
{
var userNameValue = ‘YOURDOMAIN\\’ + userName.value;
document.forms[‘loginForm’].UserName.value = userNameValue;
}
if (!userName.value) {
u.setError(userName, e.userNameFormatError);
return false;
}
if (!password.value)
{
u.setError(password, e.passwordEmpty);
return false;
}
document.forms[‘loginForm’].submit();
return false;
};
}
Do we need to execute the command on the ADFS Proxy server too?? ( changing illustration theme)
IS there a way to enable HSTS for ADFS 3.0? I had it working for ADFS 2.1 but because 3.0 doesn’t have the IIS interface to add custom headers I’m not sure how now.
Is possible to send another input value to ADFS server beside username/password on Form post. Like by adding input field in form element and setting some value from javscript before posting
How can I make this page ADA compliant. My images have the proper ALT tags but how can add the form labels?