You deploy an Active Directory Federation Services (AD FS) 2.1 infrastructure. The
infrastructure uses Active Directory as the attribute store.
Some users report that they fail to authenticate to the AD FS infrastructure.
You discover that only users who run third-party web browsers experience issues.
You need to ensure that all of the users can authenticate to the AD FS infrastructure
successfully.
Which Windows PowerShell command should you run?
A. Set-ADFSProperties -ProxyTrustTokenLifetime 1:00:00
B. Set-ADFSProperties -AddProxyAuthenticationRules None
C. Set-ADFSProperties -SSOLifetime 1:00:00
D. Set-ADFSProperties -ExtendedProtectionTokenCheck None
Explanation:
A) Sets the valid token lifetime for proxy trust tokens (in minutes). This value is used by the
federation server proxy to authenticate with its associated federation server.
B) Specifies a policy rule set that can be used to establish authorization permissions for
setting up trust proxies. The default value allows the AD FS 2.0 service user account or any
member of BUILTIN\Administrators to register a federation server proxy with the Federation
Service.
C) Specifies the duration of the single sign-on (SSO) experience for Web browser clients (in
minutes).
D) Specifies the level of extended protection for authentication supported by the federation
server. Extended Protection for Authentication helps protect against man-in-the-middle
(MITM) attacks, in which an attacker intercepts a client’s credentials and forwards them to a
server.
http://technet.microsoft.com/zh-cn/library/ee892317.aspx
Answer is D. Third-party web browsers do not support “Extended Protection for Authentication”.
First topic in https://technet.microsoft.com/en-us/library/hh237448(v=ws.10).aspx
agreed
D. Set-ADFSProperties -ExtendedProtectionTokenCheck None
Yes sure 100 % is (D)
D. Set-ADFSProperties -ExtendedProtectionTokenCheck None