Closed Bug 1347920 Opened 8 years ago Closed 8 years ago

VMware Client Integration Not Functional

Categories

(Firefox :: Extension Compatibility, defect)

Product:
Firefox
Component:
Extension Compatibility
Version:
54 Branch
Platform:
x86_64
Windows 10
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox53 --- unaffected
firefox54 + wontfix
firefox55 + wontfix

People

(Reporter: nils, Unassigned)

Details

(Keywords: regression)

Attachments

(4 files)

2017-03-16 09_37_46-vSphere Web Client - Nightly.png
10.70 KB, image/png
Details
Client Plugin Popup Dialog
14.00 KB, image/png
Details
Client Plugin Certificate Update Dialog
8.77 KB, image/png
Details
vSphere Self-Signed
1.34 KB, application/x-x509-ca-cert
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0 Build ID: 20170316030211 Steps to reproduce: I'm attempting to access my VCenter environment with latest version of Dev and Nightly, I get the pop up to open the plugin when loading the login page. I eventually get the certificate update popup, and then restart the browser. Actual results: After restarting the browser, the plugin dialog opens again, and then I get the same certificate update dialog stating to restart the browser, and ultimately I'm unable to use the integrated Windows session authentication option on the login page. Expected results: I should be able to use the Windows session auth option on the login page. This is working as expected in Firefox 52 (latest stable). It is not working in Dev and Nightly at the moment.
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
Is this plugin expected to work with the removal of NPAPI plugins?
Component: Untriaged → Plug-ins
Product: Firefox → Core
I don't know anything specific about this software. If it is using an NPAPI plugin, this bug is WONTFIX. But the word "plugin" is generic enough that this could mean something else entirely. Nils, while running Firefox 51 or earlier, could you check about:plugins and see whether there is a vmware plugin listed there?
Flags: needinfo?(nils)
When accessing the login page with Firefox 52.0.1 (which I just confirmed worked as expected), and then looking at about:plugins, no VMware plugin is listed. I don't believe is is NPAPI-based, as it does work with Chrome.
Flags: needinfo?(nils)
52.0.1 works? Then this is not a plugin bug. I'm going to punt this over to another component for analysis.
Component: Plug-ins → Extension Compatibility
Product: Core → Firefox
Summary: VMware Client Integration Plugin Not Functional → VMware Client Integration Not Functional
(In reply to Benjamin Smedberg [:bsmedberg] from comment #6) > 52.0.1 works? Then this is not a plugin bug. I'm going to punt this over to > another component for analysis. Yes, it works in the latest stable. I also have Dev installed on my machine, but didn't get a chance to check it before it upgraded from the 53 to 54 branch to see if it was working in 53...
Do you have any extensions installed? What do you see in about:addons?
Flags: needinfo?(nils)
I do. I have uBlock Origin, RES (Reddit Enhancement Suite). In plugins I have the OpenH264, Windvine DRM, and Adobe Flash. This is in the working version of 52.0.1. Nightly is setup identical.
Flags: needinfo?(nils)
The best thing to do is searching for a regression range in FF54/54 (or even 53) with the tool mozregression. See http://mozilla.github.io/mozregression/ for details. You can set a testing profile with the tool (to install the add-on eg) with the command --profile. Run the command "mozregression --good=52" then make the test for each build downloaded and enter if it's good or bad. After the run, copy here the final pushlog from the repo mozilla-inbound.
Just updated to the Stable 53 branch, and it works as expected. 54 and 55 still aren't functioning properly. Would you still like me to run the regression tool?
Yes, it would be useful, because the bug is probably a regression since FF54.
I don't know how works the VMware Client but you can create a test profile to use with mozregression. Configure the profile to reproduce the issue, then when you run mozregression, add these commands: mozregression --good=52 --profile=/path/to/profile/ --profile-persistence=reuse
The Python 2.7 installer won't run on my Windows 10 machine properly for some reason, gets to the end of the installer and then fails. I'm going to build a Windows 7 VM to run the regression tool in since it should behave the same way.
I ran the tool and marked the good and bad revisions, and got this URL at the end of the test: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=e1135c6fdc9bcd80d38f7285b269e030716dcb72&tochange=682ee6f4802745005eccdb88f831828051ae4c1b Is this what you're looking for?
Yes, that's exactly what we need, thank you. I checked the pushlog, a possible culprit is: David Keeler — bug 1294580 - prevent end-entity certificates from being their own trust anchors r=Cykesiopka Especially because this extension uses a certificate. David, what do you think?
Status: UNCONFIRMED → NEW
Has Regression Range: --- → yes
Has STR: --- → yes
status-firefox53: --- → unaffected
status-firefox54: --- → affected
status-firefox55: --- → affected
tracking-firefox54: --- → ?
tracking-firefox55: --- → ?
Ever confirmed: true
Flags: needinfo?(dkeeler)
Keywords: regression
Version: 55 Branch → 54 Branch
What version of vSphere are you using? Also, would it be possible for you to attach the certificate chain the vSphere server is using?
Flags: needinfo?(dkeeler) → needinfo?(nils)
Track 54+/55+ as a new regression in 54.
We're running vSphere 6.0. It's using a self-signed cert. I'm attaching the chain to the bug.
Flags: needinfo?(nils)
Attached file vSphere Self-Signed
Hmmm - given that the subject and issuer aren't the same, that's not a self-signed cert: subject= /CN=ucvcenter01.bioscripinc.net/C=US issuer= /CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=ucvcenter01.bioscripinc.net/OU=VMware The vSphere setup code should be adding a certificate with subject "/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=ucvcenter01.bioscripinc.net/OU=VMware" to your profile's certificate db. Have you opened a ticket with vmware?
Flags: needinfo?(nils)
So we're thinking it's an issue with the cert on the vSphere box? I haven't opened a ticket with VMware yet.
Flags: needinfo?(nils)
Given comment 21, this sounds like this is not Firefox's fault, then, and we shouldn't need to track it for 54 or 55?
Flags: needinfo?(dkeeler)
Yes - I suspect the vmware utility is not successfully doing what it thinks it's doing (adding a new root certificate to Firefox's database).
Flags: needinfo?(dkeeler)
OK, marking this one as invalid, then, thanks.
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox54: affectedwontfix
status-firefox55: affectedwontfix
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: