Closed Bug 1620018 Opened 4 years ago Closed 3 years ago

Broken redirect for SAML authentication with Zoom client

Categories

(Core :: Networking: Cookies, defect, P2)

75 Branch
All
Unspecified
defect

RESOLVED INVALID
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- disabled
firefox73 --- unaffected
firefox74 --- unaffected
firefox75 --- disabled
firefox76 --- disabled
firefox77 --- disabled
firefox78 --- disabled
firefox79 --- disabled
firefox80 --- disabled
firefox81 --- fix-optional

People

(Reporter: freshness, Unassigned)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [necko-triaged])

Attachments

(1 file)

Firefox Nightly 75.0a1 (2020-03-02) and 75.0a1 (2020-03-03)
Nightly Debugger notes: csrf_js:87:23

When Nightly is set as the default browser, SSO login with the Zoom conferencing client redirects to the profile page, but fails to launch the Zoom client and pass the authentication token.

I doubt the message about synchronous XMLHttpRequest being deprecated is relevant. We have been logging that message for six years and even though deprecated it still works.

What are the steps to reproduce this?

Component: Site Permissions → Untriaged
Flags: needinfo?(mrichards)
Component: Untriaged → Networking: Cookies
Flags: needinfo?(mrichards) → needinfo?(amarchesini)
Product: Firefox → Core
Regressed by: 1604212
Summary: XMLHttpRequest deprecation results in broken redirect for SAML authentication with Zoom client → Broken redirect for SAML authentication with Zoom client
Has Regression Range: --- → yes

Note that this also affects the "Zoom Scheduler" add-on.

We should contact Zoom and ask them to set sameSite=none on their cookies. Peter, is it something you can help with?

Flags: needinfo?(amarchesini) → needinfo?(stpeter)

Seems like it also broke GSuite SAML login into DataDog. I tried mozregression, and it resulted in the same commits as the one linked above.

Based on Comment 2, I will set the firefox74 and firefox73 flags to unaffected. Dave, in case this is incorrect, please switch the statuses to your liking.

Flags: needinfo?(dtownsend)

Should this block meta bug 1618610?

:baku I did contact Zoom about this. I'll update this bug once we receive a definitive reply.

I've re-pinged our friends at Zoom about this.

Flags: needinfo?(stpeter)
Severity: normal → S3
Priority: -- → P2
Whiteboard: [necko-triaged]

This bug has popped up again with the Zoom client on Nightly 84.0a1.
Update: Reporter was using Containers, which was blocking the SAML redirect.
Using a fresh profile allowed the user to log in successfully. False alarm!

(In reply to Mark Richards [:freshness] from comment #11)

Using a fresh profile allowed the user to log in successfully. False alarm!

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID