ShareFile SAML AD Authentication Fails on Chrome and Firefox

After configuring our ShareFile to integrate our AD accounts using AD FS 2.0 and SAML for login, we found several users could not log in with Chrome or Firefox. They would go to the SAML login URL and then enter their correct AD credentials. The login would then fail. Using IE with the same credentials was successful. After investigation, the issue was linked to AD FS 2.0 and Chrome/Firefox, not ShareFile.

The solution below was found at http://exitcodezero.wordpress.com/2013/05/30/adfs-authentication-issues-with-chrome-and-firefox/

To correct the issue, disable Extended Protection in IIS on your ADFS server:

  1. Open IIS Manager on your ADFS Server
  2. Expand your ADFS Server
  3. Expand Sites
  4. Expand Default Web Site
  5. Expand adfs
  6. Click to select ls
  7. Double-click Authentication
  8. Right-click Windows Authentication and select Advanced Settings…
  9. Set Extended Protection to Off
  10. Restart IIS or perform an iisreset
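
The same change can be scripted. The block below is an added example, not code from the original post or the linked article: it reads the current setting, takes a configuration backup, sets Extended Protection to Off for the `adfs/ls` application only, and confirms the result. It assumes an elevated PowerShell session on the ADFS server with the WebAdministration module available; the backup name is arbitrary.

```powershell
# Added example: scripted form of the IIS Manager steps above (not from the original post).
# Run elevated on the ADFS server; assumes the WebAdministration module is available.
Import-Module WebAdministration

# Default Web Site > adfs > ls, as in the steps above. Windows Authentication is
# locked at server level by default, so the change is written to applicationHost.config.
$cfg = @{
    PSPath   = 'MACHINE/WEBROOT/APPHOST'
    Location = 'Default Web Site/adfs/ls'
    Filter   = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'
}

function Get-TokenChecking {
    # tokenChecking: None ("Off" in IIS Manager), Allow ("Accept"), Require ("Required").
    $p = Get-WebConfigurationProperty @cfg -Name 'tokenChecking'
    if ($p -is [string]) { $p } else { $p.Value }  # enum may come back as a bare string
}

$before = Get-TokenChecking
Write-Host "Extended Protection (tokenChecking) before: $before"

# Keep a restorable copy of the IIS configuration before changing it.
$backup = 'pre-extended-protection-{0:yyyyMMdd-HHmmss}' -f (Get-Date)   # name is arbitrary
Backup-WebConfiguration -Name $backup | Out-Null
Write-Host "Configuration backup: $backup (restore with Restore-WebConfiguration -Name $backup)"

# Step 9: Extended Protection -> Off. This removes the channel-binding check
# for this location only; other sites and applications keep their setting.
Set-WebConfigurationProperty @cfg -Name 'tokenChecking' -Value 'None'

$after = Get-TokenChecking
if (@('None', '0') -notcontains "$after") {
    throw "tokenChecking is still '$after'; the change was not applied."
}
Write-Host "Extended Protection (tokenChecking) after: $after"

# Step 10: restart IIS so the change takes effect.
iisreset
```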

Reverse DNS in IIS logs

This change makes troubleshooting IIS problems so much easier in an enterprise environment. Now, instead of doing this manually or looking through the gibberish that is in the IIS logs, you can simply search for the computer name of the user that is having the issue and see errors/successes and the pages they are viewing/posting. Of course, if you are using IIS integrated auth you can also search for the username of the user, but in an anonymous auth environment you now have this!

http://www.expta.com/2010/01/how-to-enable-reverse-dns-lookup-in-iis.html