MS Teams web version on teams.microsoft.us not logging in due to cookies
Categories: Core :: Privacy: Anti-Tracking, defect, P2
Tracking: firefox104 (tracking: ---, status: fixed)
People: Reporter: jfm5440, Assigned: pbz
References: Blocks 2 open bugs
Attachments: 2 files
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:101.0) Gecko/20100101 Firefox/101.0
Steps to reproduce:
Note: I have to use WWW MS Teams because customer forbids standalone app. Customer's site is not publicly visible.
With FF version 101 WWW login to their Teams site stopped working unless I disabled "isolate other cross-site cookies" in Settings::Privacy::Browser Privacy
Actual results:
Login loop stopping on a MS page saying "To open the web app, change your browser settings to allow third-party cookies or allow certain trusted domains."
Customer's Teams site URL is already in trusted domains exceptions list.
When I change Browser Privacy from Standard to Custom and set Cookies to ONLY "cross site tracking cookies" I can log in as normal.
If I set to default "Cross site tracking cookies, and isolate other cross-site cookies" login loops landing on MS error page.
Note that I am using multi-account containers.
Expected results:
Login to WWW version of Teams
Note I tried disabling multi-account containers. Same login loop at Microsoft.
Comment 2•2 years ago
The Bugbug bot thinks this bug should belong to the 'Core::Networking: Cookies' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 3•2 years ago
Hello! I have tried to reproduce the issue with Firefox 104.0a1 (2022-07-01) on macOS 12, but unfortunately I wasn't able to reproduce the issue. Could you please answer the following questions in order to further investigate this issue?
- Does this issue happen with a new profile? Here is a link on how to create one: https://support.mozilla.org/en-US/kb/profile-manager-create-remove-switch-firefox-profiles
- Does this issue happen in the latest nightly? Here is a link from where you can download it: https://www.mozilla.org/en-US/firefox/channel/desktop/
- Do you have any add-ons installed? If so, can you list them?
Reporter
Comment 4
I tried restarting FF with add-ons disabled (option-launch). Same behavior.
I can reproduce the same login loop using FF 102 on Windows 10. (I'm using FF 102 on Mac not 104 as you are)
One specific item that may be germane: I have to log into Microsoft 365 using a PIV card. Then I go to Teams from OWA. We can't log into Teams web app directly.
I have not tried a fresh profile nor the latest nightly. I'll see if I can try that on my Windows laptop but I can't afford experimenting on my Mac environment.
Comment 5•2 years ago
Hi Oana,
Would you be able to help us with reproducing the issue by following the info in comment 4? Thanks.
Assignee
Comment 6•2 years ago
(In reply to John M. from comment #4)
> I tried restarting FF with add-ons disabled (option-launch). Same behavior.
> I can reproduce the same login loop using FF 102 on Windows 10. (I'm using FF 102 on Mac not 104 as you are)
> One specific item that may be germane: I have to log into Microsoft 365 using a PIV card. Then I go to Teams from OWA. We can't log into Teams web app directly.
> I have not tried a fresh profile nor the latest nightly. I'll see if I can try that on my Windows laptop but I can't afford experimenting on my Mac environment.

Thanks! I can't reproduce this with our Microsoft test accounts (personal and enterprise) either.
When switching to Microsoft Teams, do you see a prompt like the one in the screenshot I've attached?
Also, does it make a difference if you switch from OWA to Teams or directly navigate to teams.microsoft.com and log in?
Assignee
Comment 7•2 years ago
No, I do not get that screen.
It is definitely a login loop. Looking at the history, it is bouncing between these URLs (I've changed the client's subdomain to "xxx" below):
device.login.microsoftonline.us
xxx.teams.microsoft.us
device.login.microsoftonline.us
xxx.teams.microsoft.us
etc etc
Ending at this error page
(I have added those URLs along with the recommended ones to the cookie exception list also. No change.)
We are not able to login to Teams with the stand-alone app nor directly at teams.microsoft.com. Our only path to Teams is via OWA and selecting Teams from the Apps pick list dropdown.
Assignee
Comment 10•2 years ago
Thanks John! Could you see if adding the relevant domains to the allow-list fixes the issue? Here is how to do this:
- Go to about:config and click "Accept Risk and Continue"
- Enter privacy.restrict3rdpartystorage.skip_list in the "Search preference name" text input
- From the radio buttons select "String"
- Press the "+" button on the right
- In the new input field on the right enter https://*.teams.microsoft.us,https://login.microsoftonline.us
- Save the entry via the check-mark button on the right
- Test the login again

Be sure to remove the pref from about:config again after testing or use a separate Firefox profile for this test.
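Added example (not part of the comment above and not Firefox's own code): a small JavaScript model of how the value entered in these steps can be read, assuming entries are separated by ";" and each entry is a "first-party origin,third-party origin" pair with "*." as a subdomain wildcard. The function names are hypothetical, "xxx" is the placeholder subdomain used in this bug, and example.org is a constructed origin.

```javascript
// Illustrative model only; the format and wildcard rules here are assumptions.
// Assumed: entries split on ";", each entry is "firstParty,thirdParty".

function parsePattern(text) {
  const m = /^([a-z*]+):\/\/(.+)$/.exec(text.trim());
  if (!m) return null;
  const [, scheme, host] = m;
  if (host === "*") return { scheme, any: true };
  // "*.example.com" is kept as the suffix ".example.com" (subdomains only).
  if (host.startsWith("*.")) return { scheme, suffix: host.slice(1) };
  return { scheme, host };
}

function parseSkipList(value) {
  const entries = [];
  for (const item of value.split(";")) {
    const parts = item.split(",");
    if (parts.length < 2) continue; // incomplete entry: no third party given
    const firstParty = parsePattern(parts[0]);
    const thirdParty = parsePattern(parts[1]);
    if (!firstParty || !thirdParty) continue;
    if (firstParty.any && thirdParty.any) continue; // never exempt everything
    entries.push({ firstParty, thirdParty });
  }
  return entries;
}

function originMatches(origin, pattern) {
  let url;
  try { url = new URL(origin); } catch { return false; }
  const scheme = url.protocol.slice(0, -1); // "https:" -> "https"
  if (pattern.scheme !== "*" && pattern.scheme !== scheme) return false;
  if (pattern.any) return true;
  if (pattern.suffix) return url.hostname.endsWith(pattern.suffix);
  return url.hostname === pattern.host;
}

// True only when the embedding page AND the embedded origin both match a pair.
function isExempt(entries, firstPartyOrigin, thirdPartyOrigin) {
  return entries.some(e =>
    originMatches(firstPartyOrigin, e.firstParty) &&
    originMatches(thirdPartyOrigin, e.thirdParty));
}

// Value from comment 10; "xxx" is the placeholder subdomain used in this bug.
const SKIP_LIST = "https://*.teams.microsoft.us,https://login.microsoftonline.us";
const entries = parseSkipList(SKIP_LIST);
console.log(isExempt(entries, "https://xxx.teams.microsoft.us", "https://login.microsoftonline.us"));
console.log(isExempt(entries, "https://example.org", "https://login.microsoftonline.us"));
```

Under this model the value is one scoped pair rather than two independently allowed domains, so the exemption applies only when login.microsoftonline.us is embedded under a teams.microsoft.us subdomain.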
Comment 11•2 years ago
I was not able to reproduce the issue on my side.
Also I get the popup related to cookies when accessing the site https://teams.microsoft.com/
https://prnt.sc/xnDDZxwjlBgC
https://prnt.sc/BzSfHReT01HM
If I set the "Privacy>Custom>Cookies>Cross-site tracking cookies and isolate other cross-site cookies" option and choosing to allow or block cookies from the popup, the page refreshes a few times, the sign-in is performed and I can access Teams.
https://prnt.sc/1-nH9mqqsCLv
If I set the "Privacy>Custom>Cookies>Cross-site tracking cookies", the page refreshes a few times, the sign-in is performed and I can access Teams.
Tested with:
Browser / Version: Firefox Nightly 104.0a1 (2022-07-04), Firefox Release 102.0
Operating System: Windows 10 Pro
Assignee
Comment 12•2 years ago
(In reply to Oana Arbuzov [:oanaarbuzov] from comment #11)
> I was not able to reproduce the issue on my side.
> Also I get the popup related to cookies when accessing the site https://teams.microsoft.com/
> https://prnt.sc/xnDDZxwjlBgC
> https://prnt.sc/BzSfHReT01HM
> If I set the "Privacy>Custom>Cookies>Cross-site tracking cookies and isolate other cross-site cookies" option and choosing to allow or block cookies from the popup, the page refreshes a few times, the sign-in is performed and I can access Teams.
> https://prnt.sc/1-nH9mqqsCLv
> If I set the "Privacy>Custom>Cookies>Cross-site tracking cookies", the page refreshes a few times, the sign-in is performed and I can access Teams.
> Tested with:
> Browser / Version: Firefox Nightly 104.0a1 (2022-07-04), Firefox Release 102.0
> Operating System: Windows 10 Pro

This is expected since you're testing with the main Microsoft Teams instance which we have deployed a fix for. The breakage in this bug is for *.teams.microsoft.us domains. We can't really test this without credentials to a deployment on that domain.
Assignee
Comment 13•2 years ago
Reporter
Comment 14•2 years ago
(In reply to Paul Zühlcke [:pbz] from comment #10)
> Thanks John! Could you see if adding the relevant domains to the allow-list fixes the issue? Here is how to do this:
> - Go to about:config and click "Accept Risk and Continue"
> - Enter privacy.restrict3rdpartystorage.skip_list in the "Search preference name" text input
> - From the radio buttons select "String"
> - Press the "+" button on the right
> - In the new input field on the right enter https://*.teams.microsoft.us,https://login.microsoftonline.us
> - Save the entry via the check-mark button on the right
> - Test the login again
>
> Be sure to remove the pref from about:config again after testing or use a separate Firefox profile for this test.

This fixed the issue. Logon to Teams with standard cookie protection now works.
Assignee
Comment 15•2 years ago
(In reply to John M. from comment #14)
> (In reply to Paul Zühlcke [:pbz] from comment #10)
> > Thanks John! Could you see if adding the relevant domains to the allow-list fixes the issue? Here is how to do this:
> > - Go to about:config and click "Accept Risk and Continue"
> > - Enter privacy.restrict3rdpartystorage.skip_list in the "Search preference name" text input
> > - From the radio buttons select "String"
> > - Press the "+" button on the right
> > - In the new input field on the right enter https://*.teams.microsoft.us,https://login.microsoftonline.us
> > - Save the entry via the check-mark button on the right
> > - Test the login again
> >
> > Be sure to remove the pref from about:config again after testing or use a separate Firefox profile for this test.
>
> This fixed the issue. Logon to Teams with standard cookie protection now works.

Thanks for confirming! We're working on a fix for this. For now you can keep that pref set as a workaround, but once the bug is fixed I suggest removing it again.
Comment 16•2 years ago
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/99ccdcd282ca
Enable MicrosoftLogin dFPI shim for Microsoft Teams on us domain. r=timhuang,webcompat-reviewers,twisniewski
Comment 17•2 years ago
bugherder
Assignee
Comment 18•1 year ago
The shim shipped a while ago. We should check if we still need the partition-exception-list entry.
Assignee
Comment 19•1 year ago
Since this is a private Teams instance I can't verify the shim is working myself. John, could you please help test it again? Before testing, please set privacy.antitracking.enableWebcompat to false via about:config. This is to ensure it's really the shim fixing the issue, and not our allow-list.
Reporter
Comment 20•1 year ago
(In reply to Paul Zühlcke [:pbz] from comment #19)
> Since this is a private Teams instance I can't verify the shim is working myself. John, could you please help test it again? Before testing, please set privacy.antitracking.enableWebcompat to false via about:config. This is to ensure it's really the shim fixing the issue, and not our allow-list.

I set it to false and WWW Teams using microsoft.us appears to be OK.