We are setting up ADFS on Windows 2012 R2. This is working now: you can log in automatically to the ADFS page when already logged into Windows on a computer on the local network.
However, this is only working with Internet Explorer; when using Chrome, it is required to log in.
To get around that problem we have set ExtendedProtectionToken to None and added the WIASupportedUserAgents.
Then it also works for Chrome for domain-joined computers, but when you go to the ADFS login page from a non-domain-joined computer and ExtendedProtectionTokenCheck is set to None, it gives a popup login prompt where you must log in instead of using the normal login form on the ADFS page.
This works alright, but it is a kinda ugly solution so we don't want to implement it that way.
Is there a way around this? We would like to have it so that domain users using both Chrome and IE log in automatically without entering username/password, AND not getting the popup login prompt window in the browser.
I am curious about how others have solved this, or should I just live with the fact that only IE can enjoy a full SSO experience?