SSO is not working with EDGE browser and failing in a bad manner
3,619 views
Skip to first unread message
Uri Naor
Aug 22, 2016, 6:04:23 PM8/22/16
to waffle
Im testing the SSO with Spring boot application
with chrome it works out of the box
with firefox and explorer no major issues, just follow the FAQ
However with new Microsoft browser EDGE, its failing
I actually have two questions
what is missing on EDGE to make it work.
And what is needed in order for the SSO to not be so... ugly (popup showing up and white screen)
i hoping to redirect user to login page with form on failure but after many hours can't get it to work....
with chrome it works out of the box
with firefox and explorer no major issues, just follow the FAQ
However with new Microsoft browser EDGE, its failing
I actually have two questions
what is missing on EDGE to make it work.
And what is needed in order for the SSO to not be so... ugly (popup showing up and white screen)
i hoping to redirect user to login page with form on failure but after many hours can't get it to work....
Uri Naor
Aug 23, 2016, 4:44:00 PM8/23/16
to waffle
Also when placing my windows credentials on the popup window
i dont get authenticated (i tripled checked my password and username ) here is the waffle logs
2016-08-23 15:42:01.012 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:60131
2016-08-23 15:42:01.012 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 1481 byte(s)
2016-08-23 15:42:01.014 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : continue token: oXAwbqADCgEBomcEZWBjBgkqhkiG9xIBAgIDAH5UMFKgAwIBBaEDAgEepBEYDzIwMTYwODIzMjA0MjAxWqUFAgMDBAKmAwIBKakTGxFDT1JQLlRGSE5FVC5MT0NBTKoSMBCgAwIBAaEJMAcbBXVuYW9y
2016-08-23 15:42:01.014 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : continue required: true
2016-08-23 15:42:01.014 DEBUG 11224 --- [-nio-555-exec-7] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-08-23 15:42:01.015 DEBUG 11224 --- [-nio-555-exec-7] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
i dont get authenticated (i tripled checked my password and username ) here is the waffle logs
2016-08-23 15:42:01.012 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:60131
2016-08-23 15:42:01.012 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 1481 byte(s)
2016-08-23 15:42:01.014 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : continue token: oXAwbqADCgEBomcEZWBjBgkqhkiG9xIBAgIDAH5UMFKgAwIBBaEDAgEepBEYDzIwMTYwODIzMjA0MjAxWqUFAgMDBAKmAwIBKakTGxFDT1JQLlRGSE5FVC5MT0NBTKoSMBCgAwIBAaEJMAcbBXVuYW9y
2016-08-23 15:42:01.014 DEBUG 11224 --- [-nio-555-exec-7] w.s.spi.NegotiateSecurityFilterProvider : continue required: true
2016-08-23 15:42:01.014 DEBUG 11224 --- [-nio-555-exec-7] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-08-23 15:42:01.015 DEBUG 11224 --- [-nio-555-exec-7] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Daniel Doubrovkine
Aug 23, 2016, 6:14:20 PM8/23/16
to waffle...@googlegroups.com
Edge shouldn't be any different from other IEs, if you see a popup, SSO has failed. Usually I would say go through Troubleshooting first, https://github.com/dblock/waffle/blob/master/Docs/Troubleshooting.md.
--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jürgen Wagner
Aug 23, 2016, 11:55:45 PM8/23/16
to waffle...@googlegroups.com
My guess is that the whole thing will work with EDGE as well, if you
remove "Negotiate" and simply use "NTLM", right?
The problem is with Kerberos-based authentication and has to do with the
missing SPN.
remove "Negotiate" and simply use "NTLM", right?
The problem is with Kerberos-based authentication and has to do with the
missing SPN.
Uri Naor
Aug 24, 2016, 6:47:13 PM8/24/16
to waffle
with both Negotiate and NTLM i get the popup and this error
error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
with just NTLM its the same no effect
Also behavior is inconsistent
found it thanks to this
http://answers.microsoft.com/en-us/ie/forum/ie_other-windows_other/how-to-configure-edge-to-enable-integrated-windows/99669897-9f5a-4842-b00b-291a596f6eec?auth=1
its managed as part of the OS....
error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
with just NTLM its the same no effect
Also behavior is inconsistent
found it thanks to this
http://answers.microsoft.com/en-us/ie/forum/ie_other-windows_other/how-to-configure-edge-to-enable-integrated-windows/99669897-9f5a-4842-b00b-291a596f6eec?auth=1
its managed as part of the OS....
ooxaam
Jan 22, 2020, 4:58:46 AM1/22/20
to waffle
I'm facing a similar issue, I have configured WAFFLE in my application, it's working on Chrome, IE, and FF (not showing any pop up). But in Edge, it's giving me alert pop up to enter username and password. Is there any separate configuration required for enabling SSO on Edge.
Reply all
Reply to author
Forward
0 new messages