ADFS configuration for User Agent Strings in Chrome & Firefox

ADFS configuration

The supported User Agent Strings for ADFS 3.0 by default do not support Single Sign-On from Third-Party browsers, i.e. Firefox and Chrome. To enable this functionality you can add additional supported User Agent Strings to the ADFS configuration.

NB – This functionality is also available in ADFS 2.0, although it was not officially supported by Microsoft.

Checking Current Config

To check the currently supported User Agent Strings you should run the following command:

Get-ADFSProperties | Select WIASupportedUserAgents

Adding Support for Chrome & Firefox

Current versions of Chrome and Firefox (at time of writing) can be enabled by adding Mozilla/5.0 to the Supported User Agent Strings. An example of the command used for adding the required User Agent String is as follows:

Set-ADFSProperties -WIASupportedUserAgents @("MSAuthHost/1.0/In-Domain", "MSIE 6.0", "MSIE 7.0", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0", "Trident/7.0", "MSIPC", "Windows Rights Management Client", "Mozilla/5.0")

You should add the current list of Supported User Agents to a custom variable and then append the Mozilla/5.0 agent string to ensure that no other functionality will be broken.
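One way to do the append described above, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the primary AD FS server; the backup file location is an assumption chosen for illustration.

```powershell
# Added example: append a user agent token to WIASupportedUserAgents
# without overwriting the entries that are already configured.
Import-Module ADFS

$newAgent = 'Mozilla/5.0'   # token taken from the article

# Read the current list; @() guarantees an array even for a single entry.
$current = @((Get-AdfsProperties).WIASupportedUserAgents)

# Keep a copy so the previous list can be restored (path is an assumption).
$backupPath = Join-Path $env:TEMP 'WIASupportedUserAgents.backup.txt'
$current | Set-Content -Path $backupPath

if ($current -contains $newAgent) {
    # -contains is case-insensitive, so a differently cased duplicate is caught too.
    Write-Output "'$newAgent' is already in the list; nothing changed."
}
else {
    # Write back the existing entries plus the new token.
    Set-AdfsProperties -WIASupportedUserAgents ($current + $newAgent)
    Write-Output "Added '$newAgent'. Previous list saved to $backupPath"
}

# Confirm the resulting configuration.
(Get-AdfsProperties).WIASupportedUserAgents

# To roll back to the saved list:
# Set-AdfsProperties -WIASupportedUserAgents (Get-Content -Path $backupPath)
```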

User Experience

Note that once a browser is added to the list of supported user agents, a client that does not authenticate using Windows Integrated Authentication will not fall back to Forms-Based authentication, but to Basic, as per ADFS 2.0.

The most elegant solution for achieving this behaviour is to inject a custom user agent string into client browsers using Group Policy (so that it is set on all client machines inside the network that will integrate using WIA) and to set WIASupportedUserAgents to just that custom string, so that those clients authenticate using WIA. Clients without the custom user agent string will fall back to Forms-Based authentication, as they are not using a WIA-supported agent.
