Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

Consider the following scenario:

  • You have Service Pack 4 (SP4) for Microsoft Forefront Unified Access Gateway 2010 installed.

    Note SP4 is required for Internet Explorer 11 clients.

  • You have a portal trunk that publishes applications that were defined to provide Form-based single sign-on (SSO) to the back-end published resource for the web applications.


In this scenario, client connections that use Internet Explorer 11 fail SSO authentication to the web application.

Cause

This problem occurs because of a change in the user-agent string in Internet Explorer 11. The Unified Access Gateway FormLoginDataDefinitions.xml file is defined to match "MSIE" for all versions of Internet Explorer. However, the Internet Explorer 11 user-agent string does not contain "MSIE" as earlier versions do. Therefore, the browser is categorized incorrectly.

This "MSIE" string is added to the Internet Explorer 11 agent string when you run in compatibility mode so Form-based SSO works in this mode.

Resolution

This problem is fixed in Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 4.

Workaround

To work around this problem, follow these steps:

  1. In the FormLoginDataDefinitions.xml file, add the following to the "All Supported" section:

    <USER_AGENT id="IE11">
    <NAME>Internet Explorer 11</NAME>
    <SIGNATURE check_by="search">rv:11</SIGNATURE>
    <USER_AGENT> 

  2. Add this ID to the required USER_AGENT_GROUP. For example, if your SSO FormLogin.xml file limits this to <AGENT_TYPE search="group">all_supported</AGENT_TYPE>, add the following to the <USER_AGENT_GROUP name="all_supported"> section of the FormLoginDataDefinitions.xml file:

    <USER_AGENT_ID>IE11</USER_AGENT_ID>

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

Learn about user-agent string changes for Internet Explorer 11.

Note The compatible ("compatible") and browser ("MSIE") tokens are removed in Internet Explorer 11.

References

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×