Support Tip: Google Chrome Updates may stop ADFS login from being successful


Intune has received reports of Android end users who are seeing failures when signing into the Intune Android Company Portal app.  Affected users see this error after entering their username:

[Screenshot: adfsblog1]

This affects Android Company Portal end users who:

  1. Are authenticating to a system that uses ADFS
  2. Have updated the Chrome app on their device to version 56 or higher

This may also affect admin users who use the Chrome v56 browser to sign in to the Intune admin portal, as well as end users who use the Chrome v56 app to authenticate to the browser-based Company Portal website.

The root cause is that Google made a change to Chrome in v56 to discontinue support for SHA-1 certificates.  This was announced by Google in November 2016:

https://security.googleblog.com/2016/11/sha-1-certificates-in-chrome.html

If an IT department's ADFS environment uses certificates that Chrome no longer supports, Chrome will fail to load web pages. The Intune Android Company Portal app relies on the Chrome system web view to host authentication flows on the device.

Google is releasing Chrome v56 in phases, so some devices have v56 while others do not. As more devices upgrade to Chrome v56, this issue will become more prevalent if SHA-1 certificates have not been replaced.

The complete remediation to this issue is to update the certificate configuration on ADFS servers to comply with what Chrome supports.

 

 

