Windows Server 2019 ADFS SSO issues

Question

Hi,
We try to access SSO moodle with miniOrange plugin via ADFS Server 2019. I think there is the issue with ADFS server configuration, because:

• If I login to moodle with Firefox (46 version) SSO works fine. (https://help.hcltechsw.com/domino/10.0.1/secu_enabling_iwa_in_firefox.html)
• If I login with Chrome (92 version) ADFS prompt for credential and if I entered it login successful. But SSO no working. Try add Chrome GPO called 'authentication server whitelisting' with ADFS server name, no result. Also try the same with Edge GPO.
• If I login wth Edge (version 101) then ADFS prompt for login then enter the credential and it re-prompted for credential, and it become the infinity cycle.
• If I try login with IE11, then prompt for credential enter it and get HTTP 400 Bad request.

WIASupportedUserAgents added mozilla/5.0. Also try add „Chrome“ but no work.
Set-ADFSProperties –ExtendedProtectionTokenCheck try to „none“ and „allow“
I think if SSO work with Firefox, then miniorange plugin configuration is correct and the problem is with ADFS?
Also SPN is correct HTTP://<federationservice domain> on one Federation service account
Also set Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
Can you advise where to troubleshoot problem? Can it be workstation or server GPO? I need SSO login for MS Egde.

Answer 1

Also SPN is correct HTTP://<federationservice domain> on one Federation service account

That's an incorrect SPN. It should be http/<federation farm FQDN>. Also, corner case, but make sure the name of the farm is not equal to the name of the server on which it is installed (that will also break WIA).