Jan 07 2021 06:48 AM
Good day,
I have an internal https website running IIS on Windows Server 2012 R2 with Integrated Windows Authentication enabled and Extended Protection enabled at the site level, and because we use SQL Server, that is also enabled under SQL Configuration Manager.
Chrome prompts for credentials only once, IE performs SSO, Microsoft Edge v87.0.664.66 keeps prompting for credentials.
I have exhausted all resources I could dig on google, to list a few:
Extended Protection for Authentication – Microsoft Security Response Center
SQL Server's Extended Protection -- Redmondmag.com
Configuring Additional LSA Protection | Microsoft Docs
Authentication failure from non-Windows NTLM or Kerberos servers - Windows Server | Microsoft Docs
Microsoft Security Advisory 973811 | Microsoft Docs
Windows Extended Protection <extendedProtection> | Microsoft Docs
I applied almost every combination of options I was presented in these and other resources, and none of them change the behavior on Microsoft Edge except for setting to {1} HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\SuppressExtendedProtection which will proceed as a seamless SSO just like IE.
I'd like some assistance going over anything you can think can help, or to recognize if this is a known issue on Edge.
Thanks,
AJ
Jan 12 2021 07:51 AM
Same Problem here. Same configuration.
Windows Server 2012 R2
1. Create Application Pool with Integrated
2. Create App with created pool reference (just ordinary index.html)
3. IE11 SSO directly, Chrome always prompt, Edge always prompt (87.0.664.75 64bit).
In Firefox however it worked with this settings (about:config): network.automatic-ntlm-auth.trusted-uris
With Chrome I had success doing the following:
Chrome.exe –auth-server-whitelist="[SERVER_NAME]" –auth-negotiate-delegatewhitelist="[SERVER_NAME]" –auth-schemes="digest,ntlm,negotiate"
(Replace SERVER_NAME by your server)
-> Will promt for credentials anyway but then works
In Edge with the same parameter no luck. Don't know what they changed. If I have any news I will let you know.