ADFS 2019 and Chrome


#1

Hi,

I recently installed Microsoft ADFS (Windows Server 2019) and are now trying to integrate it with DUO. I’ve installed duo-adfs3-1.2.0.17 and enabled MFA as an authentication method (global setting) and in the access control policies, so far so good. The solution works just fine using Internet Explorer, primary authentication (AD) and second MFA, but the MFA part fails using Chrome.

Error:
Requests to the server have been blocked by an extension."

Refused to frame ‘https://■■■■/’ because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘frame-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

I’ve disabled all extensions and also tried incognito without success.

Any ideas?

Br,
Per Tenggren


#2

Hey @PerTenggren a few things.

  1. We haven’t officially launched support w/ ADFS 2019 just yet. We’re working on it.

  2. If possible open a case with Microsoft and reference the notes about HTTP Header customization on the ADFS 2019 new feature page: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server
    There have been additions to ADFS 2019 in how iframes such as Duo are handled and we’ve not gotten official word from Microsoft on how to support that yet.

  3. Open a Duo support case so we can track this and provide resolution when we have an answer.


#3

Hi @PatrickKnight

Do you know when you plan to support ADFS 2019, is it the coming month or should I plan for a ADFS 2016 environment instead?

/Per


#4

@PerTenggren We don’t have a firm answer to provide on that, considering we are awaiting an answer back from Microsoft. Once we have that we’ll have a better idea when we can confirm support.


#5

Hey @PerTenggren just following up again.

Microsoft docs are updated around ADFS Content Security Policies

Our doc’s should be out fairly soon confirming support and changes needed for Duo on ADFS 2019.


#6

Perfect, thanks for the update !