Home

ADFS no longer tricked by InPrivate.

%3CLINGO-SUB%20id%3D%22lingo-sub-819445%22%20slang%3D%22en-US%22%3EADFS%20no%20longer%20tricked%20by%20InPrivate.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-819445%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20an%20IT%20Operator%20for%20my%20company%20I%20need%20to%20be%20able%20to%20log%20in%20to%20several%20sites%20with%20all%20kinds%20of%20service%20accounts%2C%20including%20an%20operator%20account%20for%20our%20cloud%20Office%20system.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI%20have%20relied%20on%20Edge%20Insider%20Canary%20(currently%20running%2078.0.254.0)%20to%20foil%20ADFS%20and%20log%20in%20with%20accounts%20other%20than%20my%20standard%20one...%20until%20today.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI%20don't%20know%20if%20something%20has%20changed%20%22under%20the%20hood%22%2C%20or%20if%20I%20was%20just%20lucky%20all%20this%20time%20and%20ADFS%20is%20actually%20meant%20to%20work%20correctly%20while%20InPrivate%2C%20but%20I%20can't%20rely%20on%20it%20any%20longer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20hidden%20setting%2Fflag%20I%20can%20modify%20to%20go%20back%20to%20ADFS%20not%20working%20while%20InPrivate%3F%20Has%20anyone%20else%20noticed%20a%20sudden%20change%20in%20their%20ADFS%20behaviour%20while%20using%20Edge%20Insider%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-819465%22%20slang%3D%22en-US%22%3ERe%3A%20ADFS%20no%20longer%20tricked%20by%20InPrivate.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-819465%22%20slang%3D%22en-US%22%3EIt's%20just%20the%20ADFS%20SSO%20doing%20its%20SSO%20task.%20a%20well%20configured%20ADFS%20must%20not%20allow%20a%20user%20to%20log%20in%20with%20other%20credentials%2C%20that's%20a%20security%20issue.%3CBR%20%2F%3Eyou%20can%20try%20running%20the%20browser%20as%20a%20different%20user%20(hold%20shift%20then%20right%20click%20on%20the%20browser%20icon)%3CBR%20%2F%3Eor%20you%20can%20use%20Firefox%20that%20has%20containers%2Fcontainer%20extensions.%20also%20test%20it%20in%20Application%20Guard%20window.%20it's%20more%20isolated%20than%20inPrivate%20window.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-819691%22%20slang%3D%22en-US%22%3ERe%3A%20ADFS%20no%20longer%20tricked%20by%20InPrivate.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-819691%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20your%20reply.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20do%20understand%20that%20ADFS%20is%20merely%20doing%20its%20job%2C%20but%20this%20behaviour%20was%20exhibited%20by%20not%20only%20Edge%20Insider%2C%20but%20by%20old%20Edge%20as%20well%20(in%20fact%2C%20I%20can%20still%20use%20old%20Edge%20InPrivate%20to%20%22trick%22%20ADFS%20and%20log%20in%20using%20my%20service%20account)%20and%2C%20since%20both%20browsers%20and%20ADFS%20are%20all%20MSFT%20products%2C%20I%20assumed%20this%20was%20%22working%20as%20intended%22%2C%20that%20this%20is%20the%20way%20they%20were%20supposed%20to%20function.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Rauten34
New Contributor

Hi there,

 

As an IT Operator for my company I need to be able to log in to several sites with all kinds of service accounts, including an operator account for our cloud Office system.


I have relied on Edge Insider Canary (currently running 78.0.254.0) to foil ADFS and log in with accounts other than my standard one... until today.


I don't know if something has changed "under the hood", or if I was just lucky all this time and ADFS is actually meant to work correctly while InPrivate, but I can't rely on it any longer.

 

Is there any hidden setting/flag I can modify to go back to ADFS not working while InPrivate? Has anyone else noticed a sudden change in their ADFS behaviour while using Edge Insider?

2 Replies
It's just the ADFS SSO doing its SSO task. a well configured ADFS must not allow a user to log in with other credentials, that's a security issue.
you can try running the browser as a different user (hold shift then right click on the browser icon)
or you can use Firefox that has containers/container extensions. also test it in Application Guard window. it's more isolated than inPrivate window.

Thanks for your reply.

 

I do understand that ADFS is merely doing its job, but this behaviour was exhibited by not only Edge Insider, but by old Edge as well (in fact, I can still use old Edge InPrivate to "trick" ADFS and log in using my service account) and, since both browsers and ADFS are all MSFT products, I assumed this was "working as intended", that this is the way they were supposed to function.

Related Conversations
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
Early preview of Microsoft Edge group policies
Sean Lyndersay in Discussions on
65 Replies
*Updated 9/3* Syncing in Microsoft Edge Preview Channels
Elliot Kirk in Articles on
201 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
2 Replies