PingFederate Server

Configuring Microsoft Edge for Kerberos authentication

You can configure Microsoft Edge browsers for Kerberos authentication.

About this task

Because Edge doesn’t honor intranet sites, the PingFederate Kerberos Adapter isn’t allowed by default to request the Kerberos ticket for a user. To resolve this issue, there’s a group policy object (GPO) that can send intranet site requests to Internet Explorer 11 instead of Edge. It lets you put PingFederate in the Intranet Sites Zone (not the Trusted Sites Zone) in Internet Explorer and enable Kerberos.

Steps

  1. In the Group Policy Management editor, go to User Configuration → Administrative Templates → Windows Components → Microsoft Edge and enable the Send All intranet sites to IE11 setting. Kerberos prerequisite.

  2. Go to Administrative Templates → Windows Components → Internet Explorer → Internet Control Panel → Security Page → Site to Zone Assignment List.

  3. In the Show Contents dialog box’s Value Name column enter the <PingFederate URL>.

  4. In the Value column enter 1. Enter 1.

  5. Go to User Configuration → Administrative Templates → Windows Components → Internet Explorer → Internet Control Panel → SecurityPage → Intranet Zone.

  6. In the Logon Option dialog box’s Logon options list, select Automatic logon with current username and password. automatic logon.