This is some very common and easy to solve, so in order to get browser to support SSO on the Intranet to ADFS is it necessary to include some useragent.
In case you have Chrome version 50 or lower you will need to disable the property “ExtendedProtectionTokenCheck”
Set-ADFSProperties –ExtendedProtectionTokenCheck None
But I hope that you’re keeping up to date all the versions in your system, so continue reading 🙂
With the following command you will be able to get all the properties that you currently have in your ADFS farm:
[System.Collections.ArrayList]$UserAgents = Get-AdfsProperties | select -ExpandProperty WIASupportedUserAgents
Execute the following command to inject the user agent into a temporary array of user agents already added to ADFS.
Execute the following command to commit the change.
Set-ADFSProperties -WIASupportedUserAgents $UserAgents
Restart the ADFS service in all servers of the farm, and you can check your changes with the following command:
Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
That’s all folks!
3 thoughts on “ADFS: Enable SSO for Edge and Chrome”
Hi, it’s not working. I can add the agents but login still appears
Have you restarted the ADFS service? It appears internal or externally? did you add the STS web page to the Internet Explorer Intranet site settings?