After implementing ADFS the other day, we noticed that users on Windows 10 weren’t seeing SSO via ADFS when using the edge browser.
As a default, ADFS looks for certain strings from the browser to identify what the user is using as well as which ones are supported.
Since Edge came out, the version of ADFS that ships with Server 2012 R2, the edge string isn’t included, only the following by default:
- MSAuthHost/1.0/In-Domain
- MSIE 6.0
- MSIE 7.0
- MSIE 8.0
- MSIE 9.0
- MSIE 10.0
- Trident/7.0
- MSIPC
- Windows Rights Management Client
Some information on configuring intranet forms based authentication
The string we need to add is “Edge/12”
The easiest way to do this is with a simple bit of PowerShell:
$Props=Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents $Props=$Props+"Edge/12" $Props Set-ADFSProperties -WIASupportedUserAgents $Props Restart-Service adfssrv
With this we read in the current browser strings into an array using Get-ADFSProperties
We then append the new string for the Edge browser (Edge/12)
Then we set the WIASupportedUserAgents properties and then finally restart the ADFS service
This will then allow users to benefit from SSO using the Edge browser.