ADFS 3.0 Cancel Button Redirection and Password Change Link

Windows

ADFS 3.0 Cancel Button Redirection

I got asked the other day if i can get the ADFS cancel button on the Update Password page (Expired Password) to redirect back to the original page. After some searching i found a lot of people asking for this feature but no solutions. So below is my own coded solution to solve this problem all you need to do is add it to the end of onload.js, instruction are below the code.

The code will work with:

  • All java enabled browsers
  • Will work with any domain
  • Will work with expired password redirection
  • Will work with all endpoints
    • /adfs/ls/idpinitiatedsignon.aspx
    • /adfs/oauth2/authorize
    • /adfs/ls/

Use the following steps when customizing the onload.js for the AD FS service (Note these steps are taken from: https://technet.microsoft.com/en-us/library/dn636121.aspx).

Customizing onload.js for the AD FS Service

  1. To add your custom logic to onload.js, you need to first create a custom web theme. The theme that is shipped out-of-the-box is called Default. You can export the default theme and use it so that you can start quickly. The following cmdlet creates a custom web theme, which duplicates the default web theme:

  2. You can then export the custom or default web theme to get onload.js file. To export a web theme, use the following cmdlet:

    You will find onload.js under the script folder in the directory that you specify in the export cmdlet above and add your custom logic to the script (see use cases in the Example section below).

  3. Make the necessary modification to customize onload.js based on your need.

  4. Update the theme with the modified onload.js. Use the following cmdlet to apply the update onload.js to custom web theme:

  5. To apply the custom web theme to AD FS, use the following cmdlet:

Password Change Link

So with the above implementation (which works great for expired passwords) we also needed to modify our password change link for any users wanting to change there password via ADFS before it has expired as show in the below screen shot:

adfs-password-change-link-screen

The below code will give you exactly that ability, implementation instruction are located below. You only need to modify the text in the <p> </p> tags to whatever suits your needs. Please leave the link section “<a onclick=”RedirecToPSChange()” href=”#”>” as is or the script will not work.

The above code can be loaded easily by running the Set-ADFSGlobalWebContent and passing the whole code. Tip you single quotes as shown below:

adfs-password-change-link

10 thoughts on “ADFS 3.0 Cancel Button Redirection and Password Change Link

  1. Great tip!

    Have been playing around with this. Is there any reason why you couldn’t just use the document.referrer value to redirect back to rather than attempting to parse the current URL?

    ie
    var RedirectToPage = function () {
    location.href = document.referrer;
    return false;
    }

    This seems to work fine for me, just wondering if there was any particular reason you didn’t use it.

    1. Hey mate,

      Sorry for the late reply, I think there was an issue with going back and forward multiple times and with IDP initiated logon but that could have been my browser but i remember testing it and something just didn’t work right can’t remember what it was.

      Regards,
      Luben

  2. Hi,
    After I implemented the script, everything is working great – passwords are changed, and the Submit and Cancel buttons work correctly. On the Update Password page there is a comma: , displayed in the Username field rather than the default “someone@example.com” I’m trying to troubleshoot but not finding anything. Do you have any ideas?

    These are the results from Get-ADFSGlobalWebContent
    PS C:\windows\system32> Get-AdfsGlobalWebContent
    Locale :
    CompanyName :
    HelpDeskLink :
    HelpDeskLinkText :
    HomeLink :
    HomeLinkText :
    PrivacyLink :
    PrivacyLinkText :
    CertificatePageDescriptionText :
    SignInPageDescriptionText : To change your password please click hereFor a
    forgotten password or other problems please contact the system
    administrator

    var RedirecToPSChange = function () {
    var TheCurrentUrl = window.location.href;
    var TheUrlParts = TheCurrentUrl.split(“/adfs/”);
    if (/[?]/.test(TheUrlParts[1])){
    var TheExtraUrlParts = TheUrlParts[1].split(“?”);
    var TheOrigin =encodeURIComponent(“/adfs/” +
    TheExtraUrlParts[0]);
    var TheUsername =encodeURIComponent(document.getElementById(“user
    NameInput”).value);
    var TheLink = TheUrlParts[0] +
    “/adfs/portal/updatepassword?”+TheExtraUrlParts[1]+”&origin=” +
    TheOrigin + “&username=” + TheUsername;
    window.location.assign(TheLink);
    } else {
    var TheOrigin =encodeURIComponent(“/adfs/” + TheUrlParts[1]);
    var TheUsername =encodeURIComponent(document.getElementById(“user
    NameInput”).value);
    var TheLink = TheUrlParts[0] +
    “/adfs/portal/updatepassword?origin=” + TheOrigin + “&username=” +
    TheUsername;
    window.location.assign(TheLink);
    }
    }

    SignOutPageDescriptionText :
    ErrorPageDescriptionText :
    ErrorPageGenericErrorMessage :

    Thank you.
    Kim

    1. Hey mate sorry for the late reply,
      The script should pass along the username fine are you using this on 2012?

      1. Yes – 2012 R2. Thanks for the reply – I’m not sure what the issue is. I’m not a programmer but the only thing I could find while researching the “replace” function was the $& to replace a string and the first section of code for the onload.js file is:
        RedirectUrl = RedirectUrl.replace(/&$/, ”);

        I haven’t tested that, what I did for now is remove the code in the script that relates to the username variable. It all works with the exception of passing the username.

        1. This line: RedirectUrl = RedirectUrl.replace(/&$/, ”); at the end its two single qoutes so ‘ ‘ with no space and not double quotes “.

    2. Hi

      If you’re still looking for a solution you can add this code:

      After the line:
      var TheExtraUrlParts = TheUrlParts[1].split(“?”);

      Add:
      //make sure we dont have duplicate username
      var params = TheExtraUrlParts[1].split(“&”);
      for (var i = params.length – 1; i >= 0; i -= 1) {
      var param = params[i].split(“=”)[0];
      if (param == “username”) {
      params.splice(i, 1);
      }
      }
      TheExtraUrlParts[1] = params.join(“&”)

      Should fix the issue

  3. I had to change it up a bit, as Modern Auth was having a problem with this line:

    document.getElementById(“cancelButton”).onclick = RedirectToPage;

    This was causing a javascript error popup with the cancelButton not being found (which it won’t on the main page). I modified that line and instead replace it with the last four lines of this code:

    //redirect the password reset cancel button

    var RedirectToPage = function () {
    var CurrentUrl = window.location.href;
    var UrlParts = CurrentUrl.split(“origin=”);
    var PathParts = UrlParts[1].split(“&username=”);
    var RedirectUrl = UrlParts[0].replace(“/adfs/portal/updatepassword”, decodeURIComponent(PathParts[0]));
    RedirectUrl = RedirectUrl.replace(/&$/, ”);
    location.href = RedirectUrl;
    return false;
    }

    var PasswordCancel = document.getElementById(“cancelButton”);
    if (PasswordCancel) {
    PasswordCancel.onclick = RedirectToPage
    }

Leave a Reply

Your email address will not be published. Required fields are marked *