Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

Consider the following scenario:

  • You have Service Pack 4 (SP4) for Microsoft Forefront Unified Access Gateway 2010 installed.

    Note SP4 is required for Internet Explorer 11 clients.

  • You have a portal trunk that publishes applications that were defined to provide Form-based single sign-on (SSO) to the back-end published resource for the web applications.


In this scenario, client connections that use Internet Explorer 11 fail SSO authentication to the web application.

Cause

This problem occurs because of a change in the user-agent string in Internet Explorer 11. The Unified Access Gateway FormLoginDataDefinitions.xml file is defined to match "MSIE" for all versions of Internet Explorer. However, the Internet Explorer 11 user-agent string does not contain "MSIE" as earlier versions do. Therefore, the browser is categorized incorrectly.

This "MSIE" string is added to the Internet Explorer 11 agent string when you run in compatibility mode so Form-based SSO works in this mode.

Resolution

This problem is fixed in Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 4.

Workaround

To work around this problem, follow these steps:

  1. In the FormLoginDataDefinitions.xml file, add the following to the "All Supported" section:

    <USER_AGENT id="IE11">
    <NAME>Internet Explorer 11</NAME>
    <SIGNATURE check_by="search">rv:11</SIGNATURE>
    <USER_AGENT> 

  2. Add this ID to the required USER_AGENT_GROUP. For example, if your SSO FormLogin.xml file limits this to <AGENT_TYPE search="group">all_supported</AGENT_TYPE>, add the following to the <USER_AGENT_GROUP name="all_supported"> section of the FormLoginDataDefinitions.xml file:

    <USER_AGENT_ID>IE11</USER_AGENT_ID>

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

Learn about user-agent string changes for Internet Explorer 11.

Note The compatible ("compatible") and browser ("MSIE") tokens are removed in Internet Explorer 11.

References

Learn about the terminology that Microsoft uses to describe software updates.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×