Registering a custom ADFS MFA provider the easy way

Starting with Windows Server 2012 R2, and as demonstrated there, you can create yourself your own multi-form factor authentication in any .NET language that can create interfaces. Once you have created your DLL assembly, you must register it with Register-AdfsAuthenticationProvider. However the syntax for the TypeName argument is somewhat cumbersome. In the post already mentioned, many steps are necessary; however you can automate many of these.

In particular there is no need for the sn.exe tool to be run as the public token can be retrieved once the assembly is registered.

Therefore, a simplified procedure is:

  1. Copy the DLL into some directory
  2. Register the DLL Assembly in the GAC. If you do not know do how to do it, refer to this post.
  3. Create the Typename parameter contents by gluing  the following two parts:
    • the namespace qualified name of the class implementing the IAuthenticationProvider. If you do not this information look at the different types the assembly implement and throw away types with Metadata or Presentation in their names
    •  a comma and a space
    • the DLL assembly full name
  4. Run the cmdlet

Here is a step-by-step example


Do not forget that the DLL must be deployed on all the AD Federation Services servers of your farm, but there’s no need to deploy it on the AD FS proxies.

If you are interested in, the code for the dll mentioned above is available at github.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.