Integrated Windows Authentication (IWA) with Enhanced Protection for Authentication (EPA) and Chrome–it now works!

Some time back I wrote quite a popular post describing the effect of a bug in Chrome that prevented the use of Enhanced Protection for Authentication (EPA), a.k.a. TLS channel binding, when authenticating via Integrated Windows Authentication (IWA). I cared about this because it meant I had to disable EPA on Active Directory Federation Services (AD FS) farms where Chrome is a supported client.

Well, good news.  The bug has been fixed in Chrome 51.  Chromium 270219 was closed as fixed on March 26th, 2016.

What does this mean? It means that (a) you don’t have to disable EPA in your AD FS farm; and (b) if you have already disabled it, you can now turn it back on and close down the security waivers that you have open.
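One way to check the farm's current EPA setting and turn it back on, as an added example that is not part of the original post. It assumes the AD FS PowerShell module (Windows Server 2012 R2 or later) in an elevated session on a federation server; the choice of `Allow` as the target value is an assumption, so adjust it to your own policy.

```powershell
# Added example (not from the original post): audit and re-enable EPA on AD FS.
# Before running, confirm that the Chrome clients you support are at version 51
# or later, the release the post names as carrying the fix.
Import-Module ADFS

# 'Allow' enforces channel binding for clients that send a token.
# 'Require' also rejects clients that send none. 'None' disables EPA.
$desired = 'Allow'   # assumption: pick the value your security policy calls for

# In a WID farm, configuration can only be changed on the primary node.
$sync = Get-AdfsSyncProperties
if ($sync.Role -ne 'PrimaryComputer') {
    Write-Warning "This node's role is '$($sync.Role)'. Run this on the primary federation server."
    return
}

$current = (Get-AdfsProperties).ExtendedProtectionTokenCheck
Write-Output "Current ExtendedProtectionTokenCheck: $current"

if ($current -eq 'None') {
    # EPA was switched off (the Chrome workaround); turn it back on.
    Set-AdfsProperties -ExtendedProtectionTokenCheck $desired
    Write-Output "ExtendedProtectionTokenCheck set to '$desired'."
    # The usual guidance is to restart the AD FS service on each federation
    # server in the farm so the new value is picked up.
    Write-Output "Now run on every federation server: Restart-Service adfssrv"
}
else {
    Write-Output "EPA is already enabled; no change made."
}
```

After the restart, test an IWA sign-in from Chrome 51 or later before closing the security waiver.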

 


About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in AD FS, News.

One Response to Integrated Windows Authentication (IWA) with Enhanced Protection for Authentication (EPA) and Chrome–it now works!

  1. Pingback: #ADFS, IWA and the WIASupportedUserAgents property | Hybrid Identity
