Chrome or Firefox will not accept credentials when logging in using ADFS server

Friday, February 7, 2014
You may find that Google Chrome or FireFox 3.5+ keeps prompting for authentication when you are redirected to your ADFS 2.0 server.  This is also known to affect Fiddler.  See "AD FS 2.0: Continuously Prompted for Credentials While Using Fiddler Web Debugger" on TechNet.

This happens when Windows Authentication Extended Protection is enabled in IIS on either the ADFS proxy, ADFS back-end server, or both.

Here's how to turn Extended Protection off:

  • Login to the ADFS proxy server and open the Internet Information Services (IIS) Management console.
  • Navigate to the adfs\ls virtual directory under the Default Web Site.

  • Double-click Authentication to open the authentication methods for the ADFS\LS directory.
  • Select Windows Authentication and then click Advanced Settings in the Actions pane.
  • Set Extended Protection to Off.
  • Make sure you do this for all your ADFS proxy and ADFS back-end servers.

by at
Tags , , , ,

No comments:

Post a Comment

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.

Subscribe to: Post Comments (Atom)