By default, ADFS 3 (Windows Server 2012R2) only supports the seamless Single Sign-on (SSO) that we all expect with Internet Explorer browsers. Chrome can be enabled though by following these steps:
1. Login to your on-premises ADFS server and launch PowerShell as administrator.
2. Run the following command to see the current set of supported browsers:
1 |
Get-AdfsProperties | select -ExpandProperty WIASupportedUserAgents |
If you have the default configuration, it will return the following:
1 2 3 4 5 6 7 8 9 |
MSAuthHost/1.0/In-Domain MSIE 6.0 MSIE 7.0 MSIE 8.0 MSIE 9.0 MSIE 10.0 Trident/7.0 MSIPC Windows Rights Management Client |
3. Run the following command to add Chrome support to the list:
1 |
Set-AdfsProperties -WIASupportedUserAgents @("MSAuthHost/1.0/In-Domain","MSIE 6.0","MSIE 7.0","MSIE 8.0","MSIE 9.0","MSIE 10.0","Trident/7.0","MSIPC","Windows Rights Management Client","Mozilla/5.0") |
4. Confirm your change running the same get command from step 2. You should have the following output:
1 2 3 4 5 6 7 8 9 10 |
MSAuthHost/1.0/In-Domain MSIE 6.0 MSIE 7.0 MSIE 8.0 MSIE 9.0 MSIE 10.0 Trident/7.0 MSIPC Windows Rights Management Client Mozilla/5.0 |
5. Restart the ADFS service to apply changes:
1 |
Restart-Service adfssrv |
All done!