Category Archives: 18250

Chrome or Firefox will not accept credentials when logging into ADFS server

You may find that Google Chrome or FireFox 3.5+ keeps prompting for authentication when you are redirected to your ADFS 2.0 server.  This is also known to affect Fiddler.  See “AD FS 2.0: Continuously Prompted for Credentials While Using Fiddler Web Debugger” on TechNet.



This happens when Windows Authentication Extended Protection is enabled in IIS on either the ADFS proxy, ADFS back-end server, or both.



Here’s how to turn Extended Protection off:



  • Login to the ADFS proxy server and open the Internet Information Services (IIS) Management console.
  • Navigate to the adfs\ls virtual directory under the Default Web Site.


  • Double-click Authentication to open the authentication methods for the ADFS\LS directory.
  • Select Windows Authentication and then click Advanced Settings in the Actions pane.
  • Set Extended Protection to Off.
  • Make sure you do this for all your ADFS proxy and ADFS back-end servers.


Chrome or Firefox will not accept credentials when logging in using ADFS server

You may find that Google Chrome or FireFox 3.5+ keeps prompting for authentication when you are redirected to your ADFS 2.0 server.  This is also known to affect Fiddler.  See “AD FS 2.0: Continuously Prompted for Credentials While Using Fiddler Web Debugger” on TechNet.



This happens when Windows Authentication Extended Protection is enabled in IIS on either the ADFS proxy, ADFS back-end server, or both.



Here’s how to turn Extended Protection off:



  • Login to the ADFS proxy server and open the Internet Information Services (IIS) Management console.
  • Navigate to the adfs\ls virtual directory under the Default Web Site.



  • Double-click Authentication to open the authentication methods for the ADFS\LS directory.
  • Select Windows Authentication and then click Advanced Settings in the Actions pane.
  • Set Extended Protection to Off.
  • Make sure you do this for all your ADFS proxy and ADFS back-end servers.