Client environment adfs login

  • Question

  • Hello, I am currently working with a client who is attempting to navigate to a URL which needs to log into their domain using Chrome with an automated service. Instead of a standard Windows form page (paginated sign-in, I believe it's called), we are receiving a pop-up with the credentials prompt. I have investigated and found another thread which mentioned checking AD FS authentication policies and enabling forms authentication for both extranet and intranet, which I have instructed the client to do, but we are still seeing the pop-up. Any help would be appreciated.

    Thanks,

    Chris

    Thursday, September 26, 2019 5:41 PM

Answers

  • It sounds like ADFS is configured to allow Windows Integrated Authentication on the intranet and the WIASupportedUserAgents property has been modified to allow Chrome to attempt WIA. Is the same behavior seen with IE? If so, make sure that the URL of the ADFS server has been added to the intranet zone of the workstations. That should allow for IE/Edge/Chrome to seamlessly sign in with the user's current credentials.

    This is assuming that the workstations are joined to a domain in the same or trusted forest as ADFS. If they aren't then I don't believe there is a way to make WIA work. In which case removing Chrome from the WIASupportedUserAgents should fix the problem.

    • Marked as answer by cfavela Thursday, October 17, 2019 8:35 PM
    Friday, September 27, 2019 2:36 PM

All replies

  • Did you find a fix?
    Saturday, September 28, 2019 7:13 PM
  • Hello, sorry for the late reply; I was waiting on client verification. Yes, adding and removing that WIASupportedUserAgent seems to be the root cause. I was able to replicate it in my environment and the client was able to do the same.

    One difference between your answer and our resolution was removing "Mozilla/5.0" instead of Chrome. Would you happen to know what relationship Mozilla would have with ADFS and Chrome?

    Thank you.


    • Edited by cfavela Thursday, October 17, 2019 8:37 PM
    Thursday, October 17, 2019 8:35 PM
  • Yes, thank you
    Thursday, October 17, 2019 8:36 PM
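Added example, not part of the original thread: a PowerShell check, run on the primary AD FS server, that lists which WIASupportedUserAgents entries would put Chrome on the Windows Integrated Authentication path and then removes the broad "Mozilla/5.0" entry the thread identified. The Chrome User-Agent string and the backup file name are constructed for illustration, and the case-insensitive substring comparison is an assumption about how AD FS matches entries, not a statement of its exact logic.

```powershell
Import-Module ADFS

# Constructed sample: a typical Chrome-on-Windows User-Agent header.
# Like most current browsers, it begins with "Mozilla/5.0".
$chromeUa = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' +
            '(KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36'

# Current list of user agents that AD FS will offer WIA to.
$current = @((Get-AdfsProperties).WIASupportedUserAgents)

# Keep a copy so the change can be rolled back (file name is a placeholder).
$current | Set-Content -Path .\WIASupportedUserAgents.backup.txt

# Assumption: an entry applies when it occurs anywhere in the User-Agent header.
# Report every entry and whether it would match the sample Chrome string.
$report = foreach ($entry in $current) {
    $isMatch = $chromeUa.IndexOf($entry, [StringComparison]::OrdinalIgnoreCase) -ge 0
    [pscustomobject]@{ Entry = $entry; MatchesChrome = $isMatch }
}
$report | Sort-Object MatchesChrome -Descending | Format-Table -AutoSize

# Entries to drop. "Mozilla/5.0" is the value removed in this thread; it is broad
# enough to match Chrome even when no Chrome-specific entry is present.
$remove = @('Mozilla/5.0')
$updated = @($current | Where-Object { $remove -notcontains $_ })

if ($updated.Count -lt $current.Count) {
    Set-AdfsProperties -WIASupportedUserAgents $updated
    # Confirm what AD FS now holds.
    (Get-AdfsProperties).WIASupportedUserAgents
} else {
    Write-Output 'No matching entries found; WIASupportedUserAgents left unchanged.'
}
```

After the change, any browser that matched only through the removed entry falls back to forms authentication, while browsers covered by a more specific entry still attempt WIA.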