ADFS: WIA Supported User Agents

One of my customers had issues with SSO not working as expected. Upon investigation I found that this was because additional configuration was required in order to enable the SSO capabilities and support for Microsoft Edge and Mozilla Firefox web browsers. The following process enables you to modify the WIA Supported User Agents in ADFS which will enable SSO for various web browsers.

1. First we check the current configuration of the WIASupportedUserAgents properties using Get-ADFSProperties cmdlet as shown below:

1
Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

The following output was recorded for the existing configuration of WIASupportedUserAgents properties.

MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge

2. Next we need to add support for Mozilla Firefox web browsers using the Set-ADFSProperties cmdlet as shown below:

1
Set-ADFSProperties -WIASupportedUserAgents (((Get-ADFSProperties).WIASupportedUserAgents)+'Mozilla/5.0')

3. Finally, add the configuration to support SSO for the Microsoft Edge web browsers using the Set-ADFSProperties cmdlet:

1
2
3
4
5
Set-ADFSProperties -WIASupportedUserAgents (((Get-ADFSProperties).WIASupportedUserAgents)+'Edge/12')
Set-ADFSProperties -WIASupportedUserAgents (((Get-ADFSProperties).WIASupportedUserAgents)+'Edge/13')
Set-ADFSProperties -WIASupportedUserAgents (((Get-ADFSProperties).WIASupportedUserAgents)+'Edge/14')
Set-ADFSProperties -WIASupportedUserAgents (((Get-ADFSProperties).WIASupportedUserAgents)+'Edge/15')
Set-ADFSProperties -WIASupportedUserAgents (((Get-ADFSProperties).WIASupportedUserAgents)+'Edge/16')

4. After applying the above changes, restart the ADFS Service on all ADFS Servers using:

1
Restart-Service adfssrv

5. After the services have been restarted, check that the configuration has applied successfully and test that the ADFS IDP Initiated Sign-on is fully operational.

1
Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

The following output was recorded for the configuration post-changes.

MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge
Mozilla/5.0
Edge/12
Edge/13
Edge/14
Edge/15
Edge/16

From the above, we can note that support for the additional browsers has been added to the configuration as expected.

Leave a Reply

Your email address will not be published. Required fields are marked *