Open Bug 1878705 Opened 9 months ago Updated 2 months ago

Implement Windows SSO on Android

Categories

(Core :: Networking, enhancement, P3)

Firefox 124
enhancement

People

(Reporter: michael.yockey, Unassigned)

Details

(Whiteboard: [necko-triaged])

Firefox for Android

Steps to reproduce:

Attempted to log in to a Microsoft365 account controlled by AzureAD/Entra Conditional Access on MacOS, Android, iOS and Ubuntu Linux.

Actual results:

I got the "Cannot get to this resource from here" error message. Users cannot log in.

Expected results:

Users should be able to log in with their SSO credentials. Firefox needs to support Conditional Access with the Intune Company Portal on MacOS and Ubuntu Linux.

This was resolved for Windows 2 years ago but has yet to be addressed on the following platforms: Android, iOS, MacOS, Ubuntu Linux.

https://bugzilla.mozilla.org/show_bug.cgi?id=1720341

Microsoft's Graph API documentation on Conditional Access can be found here: https://learn.microsoft.com/en-us/entra/identity-platform/v2-conditional-access-dev-guide

The Bugbug bot thinks this bug should belong to the 'Fenix::General' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → General
Product: Firefox → Fenix
Status: UNCONFIRMED → NEW
Ever confirmed: true

Moving to the Firefox::Security component (like Windows bug 1720341) since this issue affects Firefox on macOS and Linux, not just Android.

https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions#supported-browsers

https://support.mozilla.org/en-US/kb/windows-sso

Type: enhancement → defect
Component: General → Security
Product: Fenix → Firefox
See Also: → 1720341
Summary: Conditional Access → "Cannot get to this resource from here" error when attempting to login to a Microsoft365 account controlled by AzureAD/Entra Conditional Access

Other related bugs (I think it might be worth creating a meta bug):

All the bugs implementing Windows SSO are in Core :: Networking, so moving it there.

It seems like the only platform for which a bug is missing is Android. This bug could potentially be renamed "Implement Windows SSO on Android", but I'll let the Networking team handle it from here on.

Component: Security → Networking
Product: Firefox → Core

Linux is currently P3.
MacOS is P2.

Putting in [new] to decide if P2 is appropriate for this task. If P2, let's move to [next].

Also, does anyone know where we can file an SSO bug for iOS if it doesn't already exist?

Severity: -- → N/A
Type: defect → enhancement
QA Whiteboard: `
Priority: -- → P2
Summary: "Cannot get to this resource from here" error when attempting to login to a Microsoft365 account controlled by AzureAD/Entra Conditional Access → Implement Windows SSO on Android
Whiteboard: [necko-triaged][necko-priority-new]

Thanks for making this a priority. This is a blocker to adoption in corporate environments where Conditional Access is enforced.

Note that we should also test managed Apple IDs and Google Android for Enterprise to ensure Firefox will work properly with Conditional Access on Android and iOS.

Android, iOS, Linux and MacOS don't use integrated Windows Authentication, so I don't know if existing Windows code will fix these issues in Android, iOS, MacOS or Linux.

Specifically, enterprises are much more likely to package and ship Firefox ESR for longer security updates and stability over new features.

This is also a problem in Thunderbird. The "#ifdef XP_WIN" omits the "windows-sso" code when compiling for Linux etc.

See Also: → 1695693, 1768724, 1870561

Hi Mike,

How important do you think this is?
If you think this is high priority, we need to ask MS about how to implement this.

Thanks.

Flags: needinfo?(mozilla)
Whiteboard: [necko-triaged][necko-priority-new] → [necko-triaged][necko-priority-review]

I don't consider this high priority, but it's probably worth asking how this would be done.

Flags: needinfo?(mozilla)

(In reply to Mike Kaply [:mkaply] from comment #9)

I don't consider this high priority, but it's probably worth asking how this would be done.

Thanks. I'll put this in our backlog for now.

Priority: P2 → P3
Whiteboard: [necko-triaged][necko-priority-review] → [necko-triaged]