IIS URL Rewrite - Browser-based redirection


Description: To force users with Firefox and Chrome browsers to go to the PFX Enrollment Realm instead of the default auto-enrollment realm, you will need to install the URL Rewrite plug-in for IIS (IIS 7 and newer; WILL NOT WORK with IIS 6 and older) on ALL the IdPs that the users may have access to.  You can download and install the plug-in here: https://www.iis.net/downloads/microsoft/url-rewrite

 

Once installed, start a new session of IIS Manager, and navigate to the auto-enrollment realm.  You should see a new icon for URL Rewrite.  Double-click it to bring up the rules list:

 browser-redirect-1.jpg

On the right-hand side, click on “Add Rule(s)…” to bring up a new rule wizard.  Select “Blank rule” and click OK.

 browser-redirect-2.jpg

You will need to create a rule for each browser you want to redirect.  We will start with Firefox.  Type in “Redirect Firefox” in the name field, and set the other fields as shown in the illustration below:

 browser-redirect-3.jpg

Under the Conditions field, make sure the “Logical grouping” is set to “Match All”.  Then click “Add” to bring up the “Add Condition” window.  In the “Add Condition” window, type in {HTTP_USER_AGENT} to tell IIS that you are looking for the browser information in the HTTP headers that the browser sends to IIS when browsing the site.  Set “Check if input string” to “Matches the Pattern”, and then type *Firefox* in the “Pattern” field.  This tells IIS that we are specifically looking for the Firefox string in the header.  Click “OK” to save.

 browser-redirect-4.jpg

Back in Conditions, click “Add” again so that we can add an additional condition to exclude the Microsoft Edge browser.  We need to do this because, starting with Windows 10, the Edge browser is shipped natively.  However, the browser string that Edge sends is very inclusive for compatibility reasons.  To prevent Edge from being incorrectly redirected to the PFX Enrollment Realm, we will need to create a “Does Not Match” condition to look for Edge in the browser agent string:

 browser-redirect-5.jpg

Under the “Action” section, set the values as shown in the illustration below.  For the “Redirect URL”, you will need to type in the Fully Qualified Domain Name (FQDN) of your PFX Enrollment Realm.  Make sure the “Append query string” checkbox is checked, or your visitors will receive 500 server errors when trying to browse:

 browser-redirect-6.jpg

Click Apply on the far right to save the rule.

 browser-redirect-7.jpg

You should now see the rule you just created:

 browser-redirect-8.jpg

You will need to go back and create a separate rule for Chrome and any other browser that does not support auto-enrollment using the steps outlined above.  A full list of browser agent string values (including Mobile Browsers) can be found here: http://www.useragentstring.com/pages/useragentstring.php
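The Firefox and Chrome rules as IIS Manager would store them in the auto-enrollment realm's web.config, shown as an added example that is not part of the original article. The host pfx-realm.example.com, the * URL match, the wildcard pattern syntax, the *Edge* pattern and the "Found" redirect type are assumptions standing in for the values shown in the illustrations.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Assumption: wildcard syntax, so *Firefox* means "contains Firefox". -->
        <rule name="Redirect Firefox" patternSyntax="Wildcard" stopProcessing="true">
          <!-- Assumption: apply to every path requested in this realm. -->
          <match url="*" />
          <!-- "Match All": both conditions must hold for the redirect to fire. -->
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTP_USER_AGENT}" pattern="*Firefox*" />
            <!-- "Does Not Match" condition that keeps Edge out of the redirect. -->
            <add input="{HTTP_USER_AGENT}" pattern="*Edge*" negate="true" />
          </conditions>
          <!-- Placeholder host: use the FQDN of your PFX Enrollment Realm.
               appendQueryString="true" is the "Append query string" checkbox. -->
          <action type="Redirect"
                  url="https://pfx-realm.example.com/"
                  appendQueryString="true"
                  redirectType="Found" />
        </rule>

        <!-- Same rule for Chrome. The Edge exclusion matters most here, because
             the Edge user agent string on Windows 10 also contains "Chrome".
             Chromium-based Edge identifies itself with "Edg/", which the
             *Edge* pattern does not match. -->
        <rule name="Redirect Chrome" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTP_USER_AGENT}" pattern="*Chrome*" />
            <add input="{HTTP_USER_AGENT}" pattern="*Edge*" negate="true" />
          </conditions>
          <action type="Redirect"
                  url="https://pfx-realm.example.com/"
                  appendQueryString="true"
                  redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The User-Agent header is supplied by the client, so these rules steer browsers to the right realm but do not enforce which realm a user can reach.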
