During a Windows 10 pilot, a customer told me that on Windows 10 systems ADFS didn’t work as expected when they used Edge.
Intranet users with Edge get the regular SSO page like every external user.
With a few tweaks I could solve that, and now Single Sign-On via ADFS works like it does in Internet Explorer:
The code should be documented well enough inline, so the Gist is the documentation 😉
After a bit more testing, I found that the old ‘-WIASupportedUserAgents’ wasn’t the best guess. I fixed that, and mobile devices now get the forms-based login instead of the auth pop-up.
Here is the change:
Set-ADFSProperties -WIASupportedUserAgents @('MSIE 6.0', 'MSIE 7.0', 'MSIE 8.0', 'MSIE 9.0', 'MSIE 10.0', 'Trident/7.0', 'MSIPC', 'Windows Rights Management Client', 'Windows NT 10.0; WOW64; Trident/7.0', 'Edge/1', 'Mozilla/5.0 (Windows NT')
And you might also want to consider this:
Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider @( 'WindowsAuthentication', 'FormsAuthentication' ) -WindowsIntegratedFallbackEnabled $true
Tested with ADFS on Windows Server 2012 R2 and on Windows Server 2016.
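An added example, not part of the original post or its Gist: an offline check of which clients the -WIASupportedUserAgents list above would send to Windows Integrated Authentication. It assumes AD FS matches each entry as a case-sensitive substring of the User-Agent header; Get-WiaMatch and the sample User-Agent strings are constructed for illustration.

```powershell
# Added example: runs without the AD FS module and changes nothing on the farm.
# Assumption: AD FS treats each list entry as a case-sensitive substring of the
# User-Agent header.

# The list exactly as passed to -WIASupportedUserAgents in the post.
$WiaAgents = @('MSIE 6.0', 'MSIE 7.0', 'MSIE 8.0', 'MSIE 9.0', 'MSIE 10.0',
    'Trident/7.0', 'MSIPC', 'Windows Rights Management Client',
    'Windows NT 10.0; WOW64; Trident/7.0', 'Edge/1', 'Mozilla/5.0 (Windows NT')

function Get-WiaMatch {
    # Hypothetical helper: returns every list entry contained in the User-Agent.
    param(
        [Parameter(Mandatory)] [string]   $UserAgent,
        [Parameter(Mandatory)] [string[]] $SupportedAgents
    )
    $SupportedAgents | Where-Object { $UserAgent.Contains($_) }
}

# Constructed sample User-Agent strings (typical shapes, not captured traffic).
$Samples = [ordered]@{
    'Edge, Windows 10'        = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586'
    'IE 11, Windows 10'       = 'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko'
    'Chrome, Windows 10'      = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36'
    'Firefox, Windows 10'     = 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0'
    'Edge, Windows 10 Mobile' = 'Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; Microsoft; Lumia 950) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Mobile Safari/537.36 Edge/13.10586'
    'Safari, iPhone'          = 'Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1'
    'Chrome, Android'         = 'Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36'
}

# One row per client: which prompt it would get and which entries caused it.
foreach ($name in $Samples.Keys) {
    $hits = @(Get-WiaMatch -UserAgent $Samples[$name] -SupportedAgents $WiaAgents)
    [pscustomobject]@{
        Client    = $name
        Prompt    = if ($hits.Count -gt 0) { 'WIA' } else { 'Forms' }
        MatchedBy = $hits -join ' | '
    }
}
```

'Edge/1' and 'Mozilla/5.0 (Windows NT' are short substrings, so replace the samples with User-Agent strings from your own clients and review the MatchedBy column before applying the list.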