Oct 09 2018
02:01 AM
- last edited on
Jan 14 2022
05:22 PM
by
TechCommunityAP
Oct 09 2018
02:01 AM
- last edited on
Jan 14 2022
05:22 PM
by
TechCommunityAP
Hi,
I have deployed AAD Seamless SSO recently and it all works just fine in Edge / IE. However I cannot get the SSO experience to work with Chome.
I have checked the GPO settings mentioned in Microsofts Documentation.
Anyone that knows if there is a problem with the service and Chome at the current version?
Jul 30 2019 01:53 AM
@Marcus Pettersson Did you ever get this working? I am having the same issues.
Jul 30 2019 05:08 AM
@Rocketrs8 are you using AAD Seamless SSO with PTA or PHS?
Jul 30 2019 05:13 AM
@Dominik Hoefling I am using Seamless SSO with PTA. I downloaded the Chrome ADMX files and configured Kerberos delegation server whitelist and Authentication server white list adding autologon.microsoftazuread-sso.com to both.
Jul 30 2019 05:39 AM
Thanks. Did you check the troubleshooting page as well? https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso
I haven't any problems with PTA and AAD Seamless SSO (I'm using Chrome for Windows Version 75.0.3770.142). I would suggest to run Fiddler and verify if the browser get the 401 unauthorized response from Azure AD, to provide a Kerberos ticket.
I assume that modern authentication is enabled in Exchange Online (this is a prerequisite).
Jul 31 2019 12:02 AM
@Dominik Hoefling I didn't have modern authentication turned on however I did that last night. Still not any better. I have looked through that documentation and nothing jumps out. Also, it is quite out dated with certain things. One "big" thing is that Edge doesn't work when actually now it does.
I think Fiddler is a good call. I will give that a bash
Jan 28 2021 05:14 AM
@Rocketrs8We are currently encountering the same issue in the chrome browser. Could you please share the information on, how you fixed it?
Jan 29 2021 02:45 PM
If I am not mistaken, you need to install the Windows 10 Accounts extension for Chrome for Seamless SSO to function.
Feb 01 2023 02:28 PM - edited Feb 01 2023 02:29 PM
For anyone trying to resolve this, after my research this is the exact requirements (Chome-side, your Azure AD setup has its own stuff) I needed:
Latest "Chrome Enterprise Policy List": https://support.google.com/chrome/a/answer/187202?hl=en
GPO Settings
User Configuration\Policies\Administrative Templates\Google\Google Chrome\HTTP Authentication
-Kerberos delegation server whitelist
autologon.microsoftazuread-sso.com,aadg.windows.net.nsatc.net
-Authentication server Whitelist
autologon.microsoftazuread-sso.com,aadg.windows.net.nsatc.net
# Needed if you're blocking extensions from being installed to whitelist this one
User Configuration\Policies\Administrative Templates\Google\Google Chrome\Extensions
-Configure the list of force-installed apps and extensions (Enabled)
ppnbnpeolgkicgegkbkbjmhlideopiji
-Configure extension installation allow list (Enabled)
ppnbnpeolgkicgegkbkbjmhlideopiji
Note: That extension ID I pulled from https://chrome.google.com/webstore/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji (Windows Accounts)
Mar 27 2023 06:56 AM