ADFS ExtendedProtectionTokenCheck popup login window

  • Question

  • We are setting up ADFS on Windows 2012 R2. This is working now: you can log in automatically to the ADFS page when already logged into Windows on a computer on the local network.

    However, this is only working with Internet Explorer; when using Chrome it is required to log in.

    To get around that problem we have set ExtendedProtectionToken to none and added the WIASupportedUserAgents.

    Then it also works for Chrome on domain-joined computers, but when you go to the ADFS login page from a non-domain-joined computer and ExtendedProtectionTokenCheck is set to None, it gives a popup login prompt where you must log in instead of using the normal login form on the ADFS page.

    This works alright, but it is a kinda ugly solution, so we don't want to implement it that way.

    Is there a way around this? We would like to have it so that domain users using both Chrome and IE log in automatically without entering username/password, AND not getting the popup login prompt window in the browser.

    I am curious about how others have solved this, or should I just live with the fact that only IE can enjoy a full SSO experience?

    Wednesday, October 7, 2015 9:05 AM


  • Hi,
    Thanks for your question. Please note that we mainly focus on AD DS-related questions in the current forum; there is not so much about the ADFS aspect here. Please try to post in the dedicated forum below; that's where most ADFS experts hang out:
    The reason why we recommend posting appropriately is that you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.


    Ethan Hua

    Thursday, October 8, 2015 4:56 AM