Home

AAD Seamless Single Sign-On and Chrome

%3CLINGO-SUB%20id%3D%22lingo-sub-268674%22%20slang%3D%22en-US%22%3EAAD%20Seamless%20Single%20Sign-On%20and%20Chrome%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-268674%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20deployed%20AAD%20Seamless%20SSO%20recently%20and%20it%20all%20works%20just%20fine%20in%20Edge%20%2F%20IE.%20However%20I%20cannot%20get%20the%20SSO%20experience%20to%20work%20with%20Chome.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20checked%20the%20GPO%20settings%20mentioned%20in%20Microsofts%20Documentation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20that%20knows%20if%20there%20is%20a%20problem%20with%20the%20service%20and%20Chome%20at%20the%20current%20version%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-268674%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778642%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20Seamless%20Single%20Sign-On%20and%20Chrome%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778642%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119121%22%20target%3D%22_blank%22%3E%40Marcus%20Pettersson%3C%2FA%3E%26nbsp%3BDid%20you%20ever%20get%20this%20working%3F%20I%20am%20having%20the%20same%20issues.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778870%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20Seamless%20Single%20Sign-On%20and%20Chrome%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778870%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F351150%22%20target%3D%22_blank%22%3E%40Rocketrs8%3C%2FA%3E%26nbsp%3Bare%20you%20using%20AAD%20Seamless%20SSO%20with%20PTA%20or%20PHS%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778930%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20Seamless%20Single%20Sign-On%20and%20Chrome%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778930%22%20slang%3D%22en-US%22%3E%3CP%3EThanks.%20Did%20you%20check%20the%20troubleshooting%20page%20as%20well%3F%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2Ftshoot-connect-sso%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2Ftshoot-connect-sso%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20haven't%20any%20problems%20with%20PTA%20and%20AAD%20Seamless%20SSO%20(I'm%20using%20Chrome%20for%20Windows%26nbsp%3B%3CSPAN%3EVersion%2075.0.3770.142).%20I%20would%20suggest%20to%20run%20Fiddler%20and%20verify%20if%20the%20browser%20get%20the%20401%20unauthorized%20response%20from%20Azure%20AD%2C%20to%20provide%20a%20Kerberos%20ticket.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EI%20assume%20that%20modern%20authentication%20is%20enabled%20in%20Exchange%20Online%20(this%20is%20a%20prerequisite).%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-780861%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20Seamless%20Single%20Sign-On%20and%20Chrome%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-780861%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F65976%22%20target%3D%22_blank%22%3E%40Dominik%20Hoefling%3C%2FA%3E%26nbsp%3BI%20didn't%20have%20modern%20authentication%20turned%20on%20however%20I%20did%20that%20last%20night.%20Still%20not%20any%20better.%20I%20have%20looked%20through%20that%20documentation%20and%20nothing%20jumps%20out.%20Also%2C%20it%20is%20quite%20out%20dated%20with%20certain%20things.%20One%20%22big%22%20thing%20is%20that%20Edge%20doesn't%20work%20when%20actually%20now%20it%20does.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20Fiddler%20is%20a%20good%20call.%20I%20will%20give%20that%20a%20bash%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778874%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20Seamless%20Single%20Sign-On%20and%20Chrome%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778874%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F65976%22%20target%3D%22_blank%22%3E%40Dominik%20Hoefling%3C%2FA%3E%26nbsp%3BI%20am%20using%20Seamless%20SSO%20with%20PTA.%20I%20downloaded%20the%20Chrome%20ADMX%20files%20and%20configured%20Kerberos%20delegation%20server%20whitelist%20and%20Authentication%20server%20white%20list%20adding%26nbsp%3Bautologon.microsoftazuread-sso.com%20to%20both.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Marcus Pettersson
Occasional Contributor

Hi,

 

I have deployed AAD Seamless SSO recently and it all works just fine in Edge / IE. However I cannot get the SSO experience to work with Chome. 

I have checked the GPO settings mentioned in Microsofts Documentation.

 

Anyone that knows if there is a problem with the service and Chome at the current version?

5 Replies

@Marcus Pettersson Did you ever get this working? I am having the same issues.

@Rocketrs8 are you using AAD Seamless SSO with PTA or PHS?

Highlighted

@Dominik Hoefling I am using Seamless SSO with PTA. I downloaded the Chrome ADMX files and configured Kerberos delegation server whitelist and Authentication server white list adding autologon.microsoftazuread-sso.com to both. 

Thanks. Did you check the troubleshooting page as well? https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso

 

I haven't any problems with PTA and AAD Seamless SSO (I'm using Chrome for Windows Version 75.0.3770.142). I would suggest to run Fiddler and verify if the browser get the 401 unauthorized response from Azure AD, to provide a Kerberos ticket.

 

I assume that modern authentication is enabled in Exchange Online (this is a prerequisite).

@Dominik Hoefling I didn't have modern authentication turned on however I did that last night. Still not any better. I have looked through that documentation and nothing jumps out. Also, it is quite out dated with certain things. One "big" thing is that Edge doesn't work when actually now it does. 

 

I think Fiddler is a good call. I will give that a bash

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies