Mobile Chrome cant login to Office365 Portal using Certificate Auth / MFA

139 views
Skip to first unread message

Kwok Yin Wong

unread,
Aug 9, 2017, 1:38:20 AM8/9/17
to Chromium-discuss
Original Post



Original Post here. but cant help much



Hi,

I'm wish some one from Google can give me a hand.

Our ADFS Servers / WAP been build up in our environment and Federated with Office365 platform. Certificate Authentication been enable for Login or MFA. Everything works fine in PC/Mac/Android/iOS when using password auth. But we face a problem in Android(Chrome) when using Certificate Auth.  

No problem in PC Browsers  - IE (Not Edge) , Firefox, Chrome
No problem in Mac Browser - Firefox , Chrome , Some strange behaviour in Safari which similar to issue in Mobile Chrome
No problem in iOS Browser - Safari (Didnt test other browsers)

When using Android Chrome, accessing Office365 Portal or Exchange Online e.g. https://portal.office.com or https://outlook.office365.com. After type in our corporate email address, it will redirect to our ADFS page. 
Then we can choose using Password Auth or Certificate Auth. , When using password Auth, MFA requires and we can use MFA App or Certificate to Pass MFA check.  Password works fine as well.


Problems details as follow.

In Chrome Browser, after i type my email address, Chrome will prompts me for Certificate immediately and it will load forever.  (Certificate prompt in wrong time when compare with other browser because it should ask me using which IdP first. (In Mac Safari, same symptom appears)
So i had to cancel(press back button) to skip the first abnormal certificate prompt, in order to choose IdP properly. 
After choose IdP properly, I can choose using my password or Certificate for authentication. 
If I choose "Sign in using an X.509 Certificate", Chrome will prompts me for Certificate twice but also end up with forever loading

PS. If I choose Certificate for the first time only and skip the 2nd time (Skip 2nd cert prompt by click some where else on screen, instead of Deny/Allow , or click back button on device.) Page load successfully !

So if I use password auth for the first time, MFA auth requires and allows me to use Authenticator or my certificate again. If i use Certificate once. It load successfully. If you choose cert twice again. Also end up with forever loading.

ADFS Token already changed to SHA2. But it is nothing change

I'm believe it is a "very very" strange bug in Chrome
Your action is highly appreciate !  

PhistucK

unread,
Aug 9, 2017, 6:39:05 AM8/9/17
to rol...@gmail.com, Chromium-discuss
You can search crbug.com for an existing issue and star it. If you cannot find one, file a new issue using the "New issue" link on the same page.
Please, do not add a "+1" or "Me too" or "Confirmed" (or similar) comment. It just wastes the time of Chrome engineers and sends unnecessary e-mails to all of the people who starred the issue.

You can reply with a link to the found or created issue and might get triaged (and fixed) faster.

Thank you.



PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+unsubscribe@chromium.org.

Kwok Yin Wong

unread,
Aug 9, 2017, 7:08:19 AM8/9/17
to Chromium-discuss, rol...@gmail.com


PhistucK

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

Reply all
Reply to author
Forward
0 new messages