Active Directory Federation Services (ADFS) 3.0 is built into Windows Server 2012 R2. In this environment, non-Internet Explorer browsers such as Google Chrome and Mozilla Firefox default to forms-based authentication, which breaks single sign-on (SSO).
Following are the steps to change the authentication mechanism from forms-based to Integrated Windows Authentication (IWA).
1. Log in to your primary ADFS server.
2. Execute the following command to disable the Extended Protection token check:
Set-ADFSProperties -ExtendedProtectionTokenCheck None
3. Execute the following command to get the current list of supported user-agents for NTLM authentication:
Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
4. Take all the values you received in step 3 and add Mozilla/5.0 to the end as an allowed user-agent:
Set-ADFSProperties -WIASupportedUserAgents @("MSIE 6.0", "MSIE 7.0", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0", "Trident/7.0", "MSIPC", "Windows Rights Management Client", "Mozilla/5.0")
5. Restart the ADFS service on each of the ADFS servers for the changes to take effect. You do not need to make any changes to the proxy servers.
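The script below is an added example, not part of the original article, that performs steps 3 to 5 as one re-runnable unit. Instead of retyping the user-agent list, it reads the farm's current WIASupportedUserAgents value and appends Mozilla/5.0 only if it is not already present, so any site-specific entries are preserved and running the script twice makes no second change. It then prints the resulting properties, including the ExtendedProtectionTokenCheck setting changed in step 2, before restarting the service. It assumes an elevated PowerShell session on the primary ADFS server with the ADFS cmdlets available; the service name adfssrv is the standard ADFS 3.0 Windows service name.

```powershell
# Added example (not the article's own commands): idempotent version of steps 3-5.
# Assumes: elevated PowerShell on the primary ADFS 3.0 server, ADFS module loaded.
# "adfssrv" is the standard service name for Active Directory Federation Services.

$newAgent = "Mozilla/5.0"

# Step 3: read the current list rather than hard-coding it, so existing entries survive.
$current = @(Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents)
Write-Host "Current WIASupportedUserAgents:"
$current | ForEach-Object { Write-Host "  $_" }

# Step 4: append the new user-agent only if it is missing (safe to re-run).
if ($current -contains $newAgent) {
    Write-Host "'$newAgent' is already in the list; no change made."
} else {
    $updated = $current + $newAgent
    Set-AdfsProperties -WIASupportedUserAgents $updated
    Write-Host "Added '$newAgent' to WIASupportedUserAgents."
}

# Show the effective configuration so the change from step 2 and step 4 is visible.
$props = Get-AdfsProperties
Write-Host "ExtendedProtectionTokenCheck : $($props.ExtendedProtectionTokenCheck)"
Write-Host "WIASupportedUserAgents       : $($props.WIASupportedUserAgents -join ', ')"

# Step 5: restart the ADFS service on this node; repeat on every ADFS server in the farm.
Restart-Service -Name adfssrv
```

Because "Mozilla/5.0" appears in the user-agent string of essentially every modern browser, the matching is effectively "all browsers", which is why the article's list can stay short; the printout at the end is the quickest way to confirm on each farm member that the value actually took effect after the restart.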