Implement Windows SSO on Android
Categories
(Core :: Networking, enhancement, P3)
Tracking
()
People
(Reporter: michael.yockey, Unassigned)
References
Details
(Whiteboard: [necko-triaged])
Firefox for Android
Steps to reproduce:
Attempted to login to a Microsoft365 account controlled by AzureAD/Entra Conditional Access on MacOS, Android, iOS and Ubuntu Linux.
Actual results:
I got the "Cannot get to this resource from here" error message. Users cannot login.
Expected results:
Users should be able to login with their SSO credentials. Firefox needs to support Conditional Access with the inTune Company Portal on MacOS and Ubuntu Linux.
This was resolved for Windows 2 years ago but has yet to be addressed on the following platforms: Android, iOS, MacOS, Ubuntu Linux.
https://bugzilla.mozilla.org/show_bug.cgi?id=1720341
Microsoft's Graph API documentation on Conditional Access can be found here: https://learn.microsoft.com/en-us/entra/identity-platform/v2-conditional-access-dev-guide
Reporter | ||
Comment 1•9 months ago
|
||
Comment 2•9 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Fenix::General' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Updated•8 months ago
|
Comment 3•3 months ago
|
||
Moving to the Firefox::Security component (like Windows bug 1720341) since this issue affects Firefox on macOS and Linux, not just Android.
Comment 4•3 months ago
|
||
Other related bugs (I think it might be worth creating a meta bug):
- Bug 1695693 - Windows (fixed)
- Bug 1870561 - For Linux
- Bug 1768724 - For macOS (seems actively worked on)
All the bug implementing Windows SSO are in Core :: Networking
so moving it there.
It seems like the only platform a bug is missing is Android. This bug could potentially be renamed "Implement Windows SSO on Android", but I'll let the Networking team handle it from here on.
Linux is currently P3.
MacOS is P2.
Putting in [new] to decide if P2 is appropriate for this task. If P2, lets move to [next].
Also, does anyone know where we can file SSO bug for iOS if it doesn't already exist?
Reporter | ||
Comment 6•3 months ago
|
||
Thanks for making this a priority. This is a blocker to adoption in corporate environments where Conditional Access is enforced.
Not that we should also test managed Apple IDs and Google Android for Enterprise to ensure Firefox will work properly with Conditional Access on Android and iOS.
Android, iOS, Linux and MacOS don't use integrated Windows Authentication so I don't know if existing Windows code will fix these issues in Android, iOS, MacOS or Linux.
Specifically Enterprise are much more likely to package and ship FirefoxESR for longer security updates and stability over new features.
This is also a problem in Thunderbird. The "#ifdef XP_WIN" omits the "windows-sso" code when compiling for Linux etc.
Comment 8•2 months ago
|
||
Hi Mike,
How important do you think this is?
If you think this is high priority, we need to ask MS about how do implement this.
Thanks.
Comment 9•2 months ago
|
||
I don't consider this high priority, but it's probably worth asking how this would be done.
Comment 10•2 months ago
|
||
(In reply to Mike Kaply [:mkaply] from comment #9)
I don't consider this high priority, but it's probably worth asking how this would be done.
Thanks. I'll put this in our backlog for now.
Description
•