Add Chrome browser to AD FS SSO

Tested on Server 2012/2016 ADFS only

Check registered browsers

 Get-ADFSProperties | Select  -ExpandProperty WIASupportedUserAgents

Add Google Chrome

[System.Collections.ArrayList]$UserAgents = Get-AdfsProperties | select -ExpandProperty WIASupportedUserAgents
$UserAgents.Add(“Mozilla/5.0”)
Set-ADFSProperties -WIASupportedUserAgents $UserAgents

Restart the Active Directory Federation Services service on each of the ADFS farm servers for the changes to take effect.

http://jackstromberg.com/2014/03/adfs-v3-on-server-2012-r2-allow-chrome-to-automatically-sign-in-internally

Assigning ADFS 3.0 to an alternative HTTPS port

I have only a single static external IP address I need to use for Exchange therefore need to change the default HTTPS listener port for ADFS and took some time to get to the answer. This is not the solution when using in conjunction with the ADFS Proxy and will look at this another time.

netsh http del urlacl https://+:443/adfs/
netsh http del urlacl https://+:443/FederationMetadata/2007-06/
netsh http add urlacl https://+:444/adfs/ user=”NT SERVICE\adfssrv” delegate=yes

netsh http add urlacl https://+:444/FederationMetadata/2007-06/ user=”NT SERVICE\adfssrv” delegate=yes
Set-ADFSProperties -HttpsPort 444
net stop adfssrv
net start adfssrv
update-msolfederateddomain -domainname:<domain>

The final trick is to install the IIS role and bind the listener to port 444. IIS is not used however this is required for the HTTPS Port to transition correctly.

Customising the AD FS 3.0 Sign-in Page

ADFS 3.0 does not use IIS any more however can still be customised via PowerShell

https://technet.microsoft.com/en-us/library/dn280950.aspx

Set-AdfsGlobalWebContent –CompanyName “Contoso Corp”

Set-AdfsWebTheme -TargetName default -Logo @{path=”c:\Contoso\logo.png”}

Set-AdfsWebTheme -TargetName default -Illustration @{path=”c:\Contoso\illustration.png”}

Set-AdfsGlobalWebContent -SignInPageDescriptionText “<p>Sign-in to Contoso requires device registration. Click <A href=’http://fs1.contoso.com/deviceregistration/‘>here</A> for more information.</p>”

Set-AdfsGlobalWebContent -HelpDeskLink https://fs1.contoso.com/help/ -HelpDeskLinkText Help

Set-AdfsGlobalWebContent -HomeLink https://fs1.contoso.com/home/ -HomeLinkText Home

Set-AdfsGlobalWebContent -PrivacyLink https://fs1.contoso.com/privacy/ -PrivacyLinkText Privacy

“Sorry, but we’re having trouble signing you in” and “80041317” or “80043431” error when a federated user tries to sign in to Office 365, Azure, or Intune

After setting up a new ADFS server (previous one broke) users could not federate.  Thanks to these links, I needed to re-associate the new ADFS server

https://support.microsoft.com/en-us/kb/2647020
https://support.microsoft.com/en-us/kb/2647048

Using Azure Active Directory Module for Windows PowerShell –

$cred = get-credential
Connect-MSOLService –credential:$cred
Set-MSOLADFSContext –Computer:<server>
Update-MSOLFederatedDomain –DomainName:<Federated Domain Name>