Add Chrome browser to AD FS SSO

Tested on Server 2012/2016 ADFS only

Check registered browsers

Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents

Add Google Chrome

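# Copy the current list so the new entry is appended to it rather than replacing it
[System.Collections.ArrayList]$UserAgents = Get-AdfsProperties | Select-Object -ExpandProperty WIASupportedUserAgents
# "Mozilla/5.0" is the token Chrome sends; most other modern browsers send it too
$UserAgents.Add("Mozilla/5.0")
Set-AdfsProperties -WIASupportedUserAgents $UserAgents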

Restart the Active Directory Federation Services service on each of the ADFS farm servers for the changes to take effect.

http://jackstromberg.com/2014/03/adfs-v3-on-server-2012-r2-allow-chrome-to-automatically-sign-in-internally
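
A way to preview how widely an entry matches before setting it, as an added example that is not part of the original post. `Test-WiaUserAgent` is a hypothetical helper, the User-Agent strings and the narrower list are constructed, and the code assumes AD FS treats each entry as a case-sensitive substring of the User-Agent header.

```powershell
# Added example: preview which browsers a WIASupportedUserAgents list would match.
# Assumption: AD FS treats each entry as a case-sensitive substring of the User-Agent header.
function Test-WiaUserAgent {
    param(
        [Parameter(Mandatory)][string[]]$SupportedAgents,
        [Parameter(Mandatory)][string]$UserAgent
    )
    # Collect every configured entry that occurs inside the User-Agent string.
    $hits = foreach ($entry in $SupportedAgents) {
        if ($UserAgent.Contains($entry)) { $entry }
    }
    [pscustomobject]@{
        WiaOffered = [bool]$hits
        MatchedBy  = $hits -join ', '
        UserAgent  = $UserAgent
    }
}

# Constructed sample User-Agent strings (not captured from a real deployment).
$samples = @(
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
    'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1',
    'Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0'
)

# Two candidate lists: the broad entry used above, and a narrower constructed one.
$candidates = @(
    @{ Name = 'broad';  Agents = @('MSIE 6.0', 'Trident/7.0', 'Mozilla/5.0') },
    @{ Name = 'narrow'; Agents = @('MSIE 6.0', 'Trident/7.0', 'Mozilla/5.0 (Windows NT') }
)

foreach ($list in $candidates) {
    "--- $($list.Name) list ---"
    $samples |
        ForEach-Object { Test-WiaUserAgent -SupportedAgents $list.Agents -UserAgent $_ } |
        Format-Table WiaOffered, MatchedBy, UserAgent -AutoSize
}
```

On an AD FS server, pass `(Get-AdfsProperties).WIASupportedUserAgents` as `-SupportedAgents` to test the live list.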

Assigning ADFS 3.0 to an alternative HTTPS port

I have only a single static external IP address, which I need to use for Exchange, so I needed to change the default HTTPS listener port for ADFS, and it took some time to get to the answer. This is not the solution when using ADFS in conjunction with the ADFS Proxy; I will look at that another time.

netsh http delete urlacl url=https://+:443/adfs/
netsh http delete urlacl url=https://+:443/FederationMetadata/2007-06/
netsh http add urlacl url=https://+:444/adfs/ user="NT SERVICE\adfssrv" delegate=yes
netsh http add urlacl url=https://+:444/FederationMetadata/2007-06/ user="NT SERVICE\adfssrv" delegate=yes
Set-AdfsProperties -HttpsPort 444
net stop adfssrv
net start adfssrv
Update-MsolFederatedDomain -DomainName <domain>

The final trick is to install the IIS role and bind the listener to port 444. IIS is not used; however, this is required for the HTTPS port to transition correctly.

Customising the AD FS 3.0 Sign-in Page

ADFS 3.0 does not use IIS any more; however, the sign-in page can still be customised via PowerShell.

https://technet.microsoft.com/en-us/library/dn280950.aspx

Set-AdfsGlobalWebContent -CompanyName "Contoso Corp"

Set-AdfsWebTheme -TargetName default -Logo @{path="c:\Contoso\logo.png"}

Set-AdfsWebTheme -TargetName default -Illustration @{path="c:\Contoso\illustration.png"}

Set-AdfsGlobalWebContent -SignInPageDescriptionText "<p>Sign-in to Contoso requires device registration. Click <A href='http://fs1.contoso.com/deviceregistration/'>here</A> for more information.</p>"

Set-AdfsGlobalWebContent -HelpDeskLink https://fs1.contoso.com/help/ -HelpDeskLinkText Help

Set-AdfsGlobalWebContent -HomeLink https://fs1.contoso.com/home/ -HomeLinkText Home

Set-AdfsGlobalWebContent -PrivacyLink https://fs1.contoso.com/privacy/ -PrivacyLinkText Privacy