Description: To force users with Firefox and Chrome browsers to go to the PFX Enrollment Realm instead of the default auto-enrollment realm, you will need to install the URL Rewrite plug-in for IIS (IIS 7 and newer; WILL NOT WORK with IIS 6 and older) on ALL the IdPs that the users may have access to. You can download and install the plug-in here: https://www.iis.net/downloads/microsoft/url-rewrite
Once installed, start a new session of IIS Manager, and navigate to the auto-enrollment realm. You should see a new icon for URL Rewrite. Double-click it to bring up the rules list:
On the right-hand side, click on “Add Rule(s)…” to bring up a new rule wizard. Select “Blank rule” and click OK.
You will need to create a rule for each browser you want to redirect. We will start with Firefox. Type in “Redirect Firefox” in the name field, and set the other fields as shown in the illustration below:
Under the Conditions field, make sure the “Logical grouping” is set to “Match All”. Then click “Add” to bring up the “Add Condition” window. In the “Add Condition” window, type in {HTTP_USER_AGENT} to tell IIS to look at the browser information in the HTTP headers that the browser sends to IIS when browsing the site. Set “Check if input string” to “Matches the Pattern”, and then type *Firefox* in the “Pattern” field. This tells IIS that we are specifically looking for the Firefox string in the header. Click “OK” to save.
Back in Conditions, click “Add” again to add a second condition that excludes the Microsoft Edge browser. This is necessary because, starting with Windows 10, Edge ships natively with the operating system, and the browser string that Edge sends is very inclusive for compatibility reasons. To prevent Edge from being incorrectly redirected to the PFX Enrollment Realm, create a “Does Not Match” condition that looks for Edge in the browser agent string:
Under the “Action” section, set the values as shown in the illustration below. For the “Redirect URL”, you will need to type in the Fully Qualified Domain Name (FQDN) of your PFX Enrollment Realm. Make sure the “Append query string” checkbox is checked, or your visitors will receive 500 server errors when trying to browse:
Click Apply on the far right to save the rule.
You should now see the rule you just created:
You will need to go back and create a separate rule for Chrome and any other browser that does not support auto-enrollment using the steps outlined above. A full list of browser agent string values (including Mobile Browsers) can be found here: http://www.useragentstring.com/pages/useragentstring.php
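The rules created in the steps above are saved to the auto-enrollment realm's web.config. As an added example (not taken from the original article), this is what the Firefox and Chrome rules look like in that file; the wildcard pattern syntax, the match-all URL pattern, the 302 redirect type and the pfx-enroll.example.com host are assumptions, because the article's illustrations are not available.

```xml
<!-- Added example: web.config form of the URL Rewrite rules described above. -->
<!-- Assumed values: patternSyntax, match url, redirectType and the redirect host. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule 1: Firefox goes to the PFX Enrollment Realm -->
        <rule name="Redirect Firefox" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <!-- "Match All": every condition below must be true -->
          <conditions logicalGrouping="MatchAll">
            <!-- "Matches the Pattern": User-Agent contains Firefox -->
            <add input="{HTTP_USER_AGENT}" pattern="*Firefox*" />
            <!-- "Does Not Match the Pattern": User-Agent does not contain Edge -->
            <add input="{HTTP_USER_AGENT}" pattern="*Edge*" negate="true" />
          </conditions>
          <!-- Placeholder host: replace with the FQDN of your PFX Enrollment Realm. -->
          <!-- appendQueryString="true" is the "Append query string" checkbox. -->
          <action type="Redirect"
                  url="https://pfx-enroll.example.com/"
                  appendQueryString="true"
                  redirectType="Found" />
        </rule>

        <!-- Rule 2: same structure for Chrome. The Edge exclusion matters here -->
        <!-- because the legacy Edge User-Agent also contains the string Chrome. -->
        <rule name="Redirect Chrome" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTP_USER_AGENT}" pattern="*Chrome*" />
            <add input="{HTTP_USER_AGENT}" pattern="*Edge*" negate="true" />
          </conditions>
          <action type="Redirect"
                  url="https://pfx-enroll.example.com/"
                  appendQueryString="true"
                  redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The User-Agent header is supplied by the client, so these rules route browsers for convenience and should not be relied on as an access control. Chromium-based Edge identifies itself with `Edg/` rather than `Edge/`, so the `*Edge*` condition excludes only legacy Edge.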