Some time back I posted quite a popular post describing the effect of a bug in Chrome that prevented the use of Enhanced Protection for Authentication, a.k.a. TLS channel binding, when authenticating via Integrated Windows Authentication (IWA). I cared about this because it meant I had to disable EPA on Active Directory Federation Services (AD FS) farms where Chrome is a supported client.
Well, good news. The bug has been fixed in Chrome 51. Chromium 270219 was closed as fixed on March 26th, 2016.
What does this mean? It means that (a) you don’t have to disable EPA in your AD FS farm; and (b) those of you who have disabled it can now turn it back on and close the security waivers that you have open.
- Logging into Office365 from Chrome content area fails in ADFS 2.0 SSO setup with Extended Protection
- AD FS, Enhanced Protection for Authentication (EPA), Chrome and Integrated Windows Authentication (IWA)