Add support for Microsoft SSO on macOS
Categories
(Core :: Networking, enhancement, P2)
Tracking
()
People
(Reporter: mkaply, Assigned: sekim)
References
Details
(Whiteboard: [necko-triaged][necko-priority-queue])
Attachments
(9 files, 9 obsolete files)
1.54 KB,
text/plain
|
Details | |
1.53 KB,
application/json
|
Details | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
We added Microsoft SSO support on Windows and we'd like to do the same for macOS.
On macOS, it would only work on a corporate device.
There is sample code here:
and here:
I'll also attach sample responses and code
Reporter | ||
Comment 1•2 years ago
|
||
Reporter | ||
Updated•2 years ago
|
Comment 2•2 years ago
|
||
Mike, can you help us prioritize this bug?
Mike please let us know if you have any input on prioritization. Tentatively, we have flagged this enhancement for 2022-H2 roadmap planning.
Reporter | ||
Comment 4•2 years ago
|
||
Mike please let us know if you have any input on prioritization. Tentatively, we have flagged this enhancement for 2022-H2 roadmap plannin
I don't have any input. Microsoft requested this and we had already done on Windows, so it's a "nice to have"
What you've set sounds good.
Updated•2 years ago
|
Reporter | ||
Comment 5•6 months ago
|
||
Microsoft reached out to us to see if we could prioritize this.
They have customers requesting it.
Updated•5 months ago
|
Taking on this bug a few hours ago, I have a few questions regarding it.
-
How should the bug be tested? (I am mainly referring to the past patch for Microsoft SSO on Windows: https://phabricator.services.mozilla.com/D114540)
-
In the attached code,
queryItems
is used forauthorizationOptions
. What are the specific options being passed here? -
How would the implementation vary compared to the SSO support in Windows? Any considerations?
-
Are there any interfaces like
IProofOfPossessionCookieInfoManager
for MacOS?
Reporter | ||
Comment 10•5 months ago
|
||
The Company Portal app stores Microsoft credentials:
https://learn.microsoft.com/en-us/mem/intune/apps/apps-company-portal-macos
The API documentation is here:
https://developer.apple.com/documentation/authenticationservices/asauthorizationsinglesignonrequest
on macOS, we would be using headers only so we should need the cookie stuff.
I'll reach out to Microsoft and ask them to jump in.
Updated•4 months ago
|
Assignee | ||
Comment 11•4 months ago
|
||
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Assignee | ||
Comment 12•3 months ago
|
||
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Comment 13•2 months ago
|
||
Comment 14•2 months ago
|
||
bugherder |
Comment 15•2 months ago
|
||
Updated•2 months ago
|
Comment 16•2 months ago
|
||
bugherder |
Assignee | ||
Comment 17•1 month ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D212445
Updated•1 month ago
|
Comment 18•1 month ago
|
||
beta Uplift Approval Request
- User impact if declined: This would postpone Microsoft SSO on macOS
- Code covered by automated testing: no
- Fix verified in Nightly: no
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: N/A, we just introduced a policy for other patches in https://bugzilla.mozilla.org/show_bug.cgi?id=1768724
- Risk associated with taking this patch: Minimal
- Explanation of risk level: This patch introduces a policy for existing patches already in beta (https://bugzilla.mozilla.org/show_bug.cgi?id=1768724)
- String changes made/needed: N/A
- Is Android affected?: no
Reporter | ||
Comment 19•1 month ago
|
||
So actually, this does have a string change, but on the ESR at least, we've allowed English policy strings. Hoping that can be allowed here.
Comment 20•1 month ago
•
|
||
Hi Mike! It's a little late in the cycle for a string change unfortunately. NIing flod though just in case
Comment 21•1 month ago
|
||
beta Uplift Approval Request
- User impact if declined: This would postpone Microsoft SSO on macOS
- Code covered by automated testing: no
- Fix verified in Nightly: no
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: N/A, we just introduced a policy for other patches in https://bugzilla.mozilla.org/show_bug.cgi?id=1768724
- Risk associated with taking this patch: Minimal
- Explanation of risk level: This patch introduces a policy for existing patches already in beta (https://bugzilla.mozilla.org/show_bug.cgi?id=1768724)
- String changes made/needed: English policy strings
- Is Android affected?: no
Comment 22•1 month ago
|
||
Comment 23•1 month ago
|
||
Backed out for causing xpc failures @ test_sorted_alphabetically.js
Backout link: https://hg.mozilla.org/integration/autoland/rev/e449dddd6538c4b7979d8c1336a4c85ff76d71fa
Comment 24•1 month ago
|
||
Comment 25•1 month ago
|
||
I'm confused. This patch has been around for a while, what is the urgency? While the string is not highly visible, it will still trigger a warning in console when you open about:policies, so the timing is not great (3 days from freeze for beta and this hasn't landed in mozilla-central yet, no locale will have it).
I would also point out that a completely different version of the string was reviewed and approved
policy-macOSSSO = Allow macOS single sign-on for Microsoft, work, and school accounts.
Now I see this, which would probably benefit from a comment about Entra.
policy-MicrosoftEntraSSO = Allow single sign-on for Microsoft Entra accounts.
P.S. :bolsson is the right person to reach out to for uplift requests, he's the one doing most of Firefox l10n these days
Comment 26•1 month ago
|
||
bugherder |
Reporter | ||
Comment 27•1 month ago
|
||
flod, you're right, we'll let it ride the trains. And I'll get a comment on that string.
Updated•1 month ago
|
Updated•1 month ago
|
Comment 28•1 month ago
|
||
Did you want to nominate this for the Fx132 relnotes? Please set the relnote-firefox
flag to ?
and fill out the auto-populated form if so. Though I'm a bit confused by the status of this bug. It looks like the majority of the work landed in Fx131 with just the enterprise policy pref patch landing in Fx132? So does this need to go into the Fx131 relnotes actually?
Reporter | ||
Comment 29•1 month ago
|
||
I think I'm just going to cover it in the enterprise release notes.
Reporter | ||
Comment 30•1 month ago
|
||
Comment 31•1 month ago
|
||
Comment 32•1 month ago
|
||
bugherder |
Comment 33•1 month ago
|
||
A patch has been attached on this bug, which was already closed. Filing a separate bug will ensure better tracking. If this was not by mistake and further action is needed, please alert the appropriate party. (Or: if the patch doesn't change behavior -- e.g. landing a test case, or fixing a typo -- then feel free to disregard this message)
Reporter | ||
Comment 34•15 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D212445
Updated•15 days ago
|
Updated•14 days ago
|
Reporter | ||
Comment 35•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D212445
Updated•13 days ago
|
Comment 36•13 days ago
|
||
esr128 Uplift Approval Request
- User impact if declined: Wanted for feature parity with release
- Code covered by automated testing: no
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: N/A
- Risk associated with taking this patch: Low
- Explanation of risk level: Patch only applies to Msft SSO case
- String changes made/needed: Policy description
- Is Android affected?: no
Reporter | ||
Comment 37•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D212445
Updated•13 days ago
|
Reporter | ||
Comment 38•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D216560
Updated•13 days ago
|
Reporter | ||
Comment 39•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D212445
Updated•13 days ago
|
Reporter | ||
Comment 40•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D218355
Updated•13 days ago
|
Reporter | ||
Comment 41•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D216560
Updated•13 days ago
|
Reporter | ||
Comment 42•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D218355
Updated•13 days ago
|
Reporter | ||
Comment 43•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D212445
Updated•13 days ago
|
Reporter | ||
Comment 44•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D216560
Updated•13 days ago
|
Reporter | ||
Comment 45•13 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D218355
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Updated•13 days ago
|
Comment 46•13 days ago
|
||
uplift |
Updated•13 days ago
|
Comment 47•13 days ago
|
||
When we uplift patches with string changes, we should also pick up updates to localization, similarly to what was done in
https://hg.mozilla.org/releases/mozilla-esr128/rev/4298182958afcf96c6ba2f16aa46db003e041f84
Could someone land a patch for that? There's no real need of review from l10n (in case, flag :bolsson).
Comment 48•13 days ago
•
|
||
Sorry, I thought I remembered enterprise policies being less strict around that. I'll get it, thanks for the ping.
Comment 49•13 days ago
|
||
uplift |
Description
•