Windows Server 2016 ADFS SSO with Chrome, Firefox and other user agents

Out of the box, Windows Server 2016 Active Directory Federation Services does not give users running Chrome the seamless sign-on experience that Internet Explorer gets. Thankfully there are two simple changes that can be made to enable this functionality.

Open PowerShell on one of the ADFS servers as administrator and check the list of existing WIASupportedUserAgents:

PS C:\Windows\system32> Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge

The easiest way to add the additional agents is with the following command; I've added Chrome, Mozilla/5.0 and Edge/12.

Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome" + "Mozilla/5.0" + "Edge/12")

There was a time when you did need to disable the ExtendedProtectionTokenCheck for Chrome to work; as of writing (August 2017) this is no longer the case. Restart the ADFS service and you should be in business!
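The same change as an idempotent script, added here as an example and not taken from the post or from Microsoft's documentation. It assumes the Get-AdfsProperties / Set-AdfsProperties cmdlets and the adfssrv service name of a Windows Server 2016 AD FS node. Rather than the bare substring "Mozilla/5.0", which appears in the User-Agent header of practically every browser and therefore offers WIA to every client, it adds a Chrome entry in the same "=~" regular-expression form that the default list already uses for Edge, limiting the match to Chrome on Windows NT (that pattern is my choice, not a vendor recommendation).

```powershell
# Added example, not code from the original post.
# Run in an elevated PowerShell session on one AD FS farm node; the property is farm-wide.
# Assumptions: Get-AdfsProperties / Set-AdfsProperties are available and the service is 'adfssrv'.

# Entries prefixed with "=~" are treated as regular expressions, like the default Edge entry.
# Restricting the match to "Windows NT" keeps WIA from being offered to non-Windows Chrome clients.
$newAgents = @(
    '=~Windows\s*NT.*Chrome'
)

$current = @(Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents)

# Append only entries that are not already present, so re-running the script is harmless.
$toAdd = @($newAgents | Where-Object { $current -notcontains $_ })

if ($toAdd.Count -eq 0) {
    Write-Host 'All requested user agents are already configured; nothing to do.'
}
else {
    Set-AdfsProperties -WIASupportedUserAgents ($current + $toAdd)
    Write-Host "Added: $($toAdd -join ', ')"

    # The new list is read when the AD FS service starts, so restart it.
    Restart-Service -Name adfssrv
}

# Show the resulting list and confirm ExtendedProtectionTokenCheck was left at its default,
# since (as the post notes) it no longer needs to be disabled for Chrome.
$props = Get-AdfsProperties
$props.WIASupportedUserAgents
'ExtendedProtectionTokenCheck: ' + $props.ExtendedProtectionTokenCheck
```

On a multi-node farm the property is stored once, but the service restart is per node, so repeat Restart-Service on each server before testing from a domain-joined Chrome browser.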
