Tuesday, 8 December 2015

Adding Windows 10 Edge support for ADFS

After implementing ADFS the other day we noticed that users on Windows 10 weren't seeing SSO via ADFS when using the edge browser.

As a default, ADFS looks for certain strings from the browser to identify what the user is using and which ones are supported.

Since Edge came out after the version of ADFS that ships with Server 2012 R2, the edge string isn't included, only the following by default:

MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client

This link gives you some information on configuring intranet forms based authentication: https://technet.microsoft.com/en-us/library/Dn727110.aspx

The string we need to add is "Edge/12"

The easiest way to do this is with a simple bit of PowerShell

$Props=Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
$Props=$Props+"Edge/12"
$Props
Set-ADFSProperties -WIASupportedUserAgents $Props
Restart-Service adfssrv

With this we read in the current browser strings into an array using Get-ADFSProperties


We then append the new string for the Edge browser (Edge/12)


Then we set the WIASupportedUserAgents properties and then finally restart the ADFS service


This will then allow users to benefit from SSO using the Edge browser.

No comments: