Make ADFS Work with Windows 10 and Edge
<#
Tweaked version that prevents the auth pop-up on non-Windows devices a bit better.
These devices should get the regular forms-based login (HTML page) instead.
I was asked: Nope, 'Mozilla/5.0 (Windows NT' is correct, not an error ;-)
#>
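# Execute this on your ADFS server
# If you have more than one, use your primary ADFS server, this is essential!
# Note: 'None' turns off Extended Protection for Authentication (channel binding) for Windows Integrated Authentication
Set-ADFSProperties -ExtendedProtectionTokenCheck None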
# Before the change, the list should be:
# MSAuthHost/1.0/In-Domain
# MSIE 6.0
# MSIE 7.0
# MSIE 8.0
# MSIE 9.0
# MSIE 10.0
# Trident/7.0
# MSIPC
# Windows Rights Management Client
# Check the NTLM-enabled user agents
Get-ADFSProperties | Select-Object -ExpandProperty WIASupportedUserAgents
# Now we append the user agents 'Windows NT 10.0; WOW64; Trident/7.0', 'Edge/1', 'Mozilla/5.0 (Windows NT' to the list
# (-WIASupportedUserAgents replaces the whole list, so the existing entries are repeated here)
Set-ADFSProperties -WIASupportedUserAgents @('MSIE 6.0', 'MSIE 7.0', 'MSIE 8.0', 'MSIE 9.0', 'MSIE 10.0', 'Trident/7.0', 'MSIPC', 'Windows Rights Management Client', 'Windows NT 10.0; WOW64; Trident/7.0', 'Edge/1', 'Mozilla/5.0 (Windows NT')
# Optional: handle the fallback for non-Windows devices a bit better
Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider @( 'WindowsAuthentication', 'FormsAuthentication' ) -WindowsIntegratedFallbackEnabled $true
# Restart the ADFS service
# If you have more than one ADFS server, you need to execute that against all of them!
Restart-Service -Name adfssrv
# Check that the ADFS service is running
Get-Service -Name adfssrv
# Check the NTLM-enabled user agents
Get-ADFSProperties | Select-Object -ExpandProperty WIASupportedUserAgents
# Now it should be:
# MSIE 6.0
# MSIE 7.0
# MSIE 8.0
# MSIE 9.0
# MSIE 10.0
# Trident/7.0
# MSIPC
# Windows Rights Management Client
# Windows NT 10.0; WOW64; Trident/7.0
# Edge/1
# Mozilla/5.0 (Windows NT
# More Info: https://technet.microsoft.com/en-us/library/ee892317.aspx
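
The script above passes a fixed list to -WIASupportedUserAgents, which overwrites whatever the farm currently has (the 'MSAuthHost/1.0/In-Domain' entry shown in the first listing is not in the new list). The following is an added example, not part of the original gist: it merges the same three user agents into the current list, keeps a copy of the previous value, and changes nothing when the entries are already present. The backup path is an assumption.

```powershell
# Added example, not part of the original gist. Run on the primary ADFS server.
# $BackupPath is a hypothetical location; adjust it for your environment.
$BackupPath = Join-Path $env:TEMP 'WIASupportedUserAgents.before.txt'

# The three entries the gist adds
$Wanted = @(
    'Windows NT 10.0; WOW64; Trident/7.0',
    'Edge/1',
    'Mozilla/5.0 (Windows NT'
)

# Current list as configured on this farm
$Current = @(Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents)

# Keep a copy of the previous value so the change can be reverted
$Current | Set-Content -Path $BackupPath -Encoding UTF8

# Entries that are not in the list yet (-notcontains compares strings case-insensitively)
$Missing = @($Wanted | Where-Object { $Current -notcontains $_ })

if ($Missing.Count -eq 0) {
    Write-Output 'Nothing to do: all entries are already in WIASupportedUserAgents.'
}
else {
    # Existing entries first, new ones appended; nothing already configured is dropped
    $Merged = @($Current) + $Missing
    Set-AdfsProperties -WIASupportedUserAgents $Merged
    Write-Output ('Added: ' + ($Missing -join ', '))
}

# Show the resulting list for review
Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents
```

To revert, pass the saved lines back with `Set-AdfsProperties -WIASupportedUserAgents (Get-Content $BackupPath)`.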