AD FS always asks for Password even if sole authentication method is "Windows"

Markus Karg 6 Reputation points
2022-06-23T12:51:02.39+00:00

Windows Server 2022.
I am setting up AD FS on a local domain.
I have set primary authentication method to solely "Windows".
Hence, a user should never see a login screen, as he is already logged in to Windows.
The browser used is Edge.
But the user is always shown a form asking for username and password.
The request sent is solely for an openid id_token.
What am I doing wrong?

Active Directory Federation Services

1 answer

  1. Markus Karg 6 Reputation points
    2022-06-27T06:40:09.29+00:00

    I have solved the problem.

    In the client's Internet Options, I added the AD FS host to the list of local sites. This is rather strange, as the check box to add all otherwise unlisted sites is already checked.

    In the server's AD FS Options, I added =~Windows\s*NT.*Chrome to WIASupportedUserAgents using Set-ADFSProperties. This is pretty strange, as apparently there is a typo in the original list of Windows Server 2022. The defaults should contain =~Windows\s*NT.*Edg. since Windows 2016 according to the document found at https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wia (so it matches both =~Windows\s*NT.*Edg and =~Windows\s*NT.*Edge), but actually the list only contains =~Windows\s*NT.*Edge. As the latest Edge reports as both Chrome and Edg, the original RegEx does not match. I think the difference between the actual list and the list in the documentation proves that this is a bug in the latest Windows Server 2022.

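The two steps from the answer above, written out as PowerShell. This is an added example, not code from the original post or from Microsoft; the host name `adfs.corp.example` is an assumption, and the two functions run on different machines (the first on the client as the signed-in user, the second in an elevated session on an AD FS farm node). Two practitioner notes: the "include all sites not listed in other zones" check box only classifies dotless host names (for example `https://adfs/`) as Local intranet, so a fully qualified AD FS name still needs an explicit zone entry; and `=~Windows\s*NT.*Chrome`, the pattern the answer used, also matches Google Chrome on Windows, so the narrower `=~Windows\s*NT.*Edg` (which matches the Chromium Edge `Edg/` token but not the legacy `Edge/` one) is shown as an alternative.

```powershell
# Added example for this thread (not the original poster's code or Microsoft's).
# Part 1 maps the AD FS host into the Local intranet zone on the client.
# Part 2 appends a user-agent pattern to WIASupportedUserAgents on the AD FS server
# so that Chromium-based Edge (UA contains "Chrome/" and "Edg/", never "Edge/")
# is offered Negotiate instead of the forms page.

$AdfsHost = 'adfs.corp.example'   # assumed farm name; replace with your own

# --- Part 1: client side. ZoneMap "https" = 1 means zone 1 (Local intranet);
# this is the same registry entry the Internet Options "Local intranet" > "Sites"
# > "Advanced" dialog writes. Edge and Chrome honour these zones for Negotiate
# unless an AuthServerAllowlist policy overrides them.
function Add-IntranetZoneHost {
    param([Parameter(Mandatory)][string]$Fqdn)
    $parts     = $Fqdn.Split('.')
    $hostLabel = $parts[0]                               # $host is reserved in PowerShell
    $domain    = ($parts | Select-Object -Skip 1) -join '.'
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$domain\$hostLabel"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name 'https' -PropertyType DWord -Value 1 -Force | Out-Null
    Get-ItemProperty -Path $key                          # returns the entry for verification
}

# --- Part 2: AD FS server side (elevated, on a farm node) ---
function Add-WiaUserAgent {
    param([Parameter(Mandatory)][string]$Pattern)
    $current = (Get-AdfsProperties).WIASupportedUserAgents
    if ($current -contains $Pattern) {
        Write-Host "Pattern already present: $Pattern"
        return $current
    }
    # Set-AdfsProperties replaces the whole list, so write back the old entries plus the new one.
    $updated = @($current) + $Pattern
    Set-AdfsProperties -WIASupportedUserAgents $updated
    (Get-AdfsProperties).WIASupportedUserAgents          # returns the new list for verification
}

# Usage (client):
Add-IntranetZoneHost -Fqdn $AdfsHost

# Usage (AD FS server): the pattern the answer used ...
Add-WiaUserAgent -Pattern '=~Windows\s*NT.*Chrome'
# ... or the narrower one that matches Chromium Edge but not Google Chrome:
# Add-WiaUserAgent -Pattern '=~Windows\s*NT.*Edg'
```

Before changing the server, run `(Get-AdfsProperties).WIASupportedUserAgents` once and keep the output; if a pattern turns out to be too broad, `Set-AdfsProperties -WIASupportedUserAgents` with the saved list restores the original behaviour. A quick client-side check after both steps is the `WWW-Authenticate: Negotiate` header in the first 401 response from the AD FS endpoint in the browser's developer tools, which is what Edge needs before it will send a Kerberos ticket instead of showing the form.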