[Mozilla Enterprise] Capability Policy Pref for Local File Links Breaking IDP Initiated SAML sign-in

[Mike Kaply]

I've looked into this and I can't find any reason why setting checkloaduri
to enabled would cause this behavior.

Is this a new behavior or did it happen on Firefox 52?

Mike

On Thu, Jun 7, 2018 at 10:58 AM, Samuel Ambaye <Samuel.Ambaye at oakfnd.ch>
wrote:

> Hi,
>
> Given Firefox 60 and that the following pref is added using about:config
>
>
> capability.policy.localfilelinks.sites = http://www.example.com
>
>
> When using an Identity Provider initiated SAML sign-in (on www.example.com
> )
> The system somehow changes a SAML HTTP method POST to method GET causing
> the signing to fail.
>
> Work-Around: Set browser.tabs.remote.autostart to false.
>
> Notes: Apparently, others have reproduced this issue on other other sites
> (Salesforce) and when using other Identity Providers (GSuite).
>
> My questions are:
>
>    - Is capability.policy.localfilelinks.sites a supported configuration?
>    - Is this just a bug or is there a trade off between the preference
>    and the work-around.
>    - Any other / better work-arounds?
>
>
> Any advice other than filing a bug report and disabling autostart?
>
> Best,
> Samuel
>
> PS - The preference is used with the ones below
>
>    - capability.policy.localfilelinks.checkloaduri.enabled and
>    - capability.policy.policynames
>
>
> PSS - No issue in Chrome, which does not offer access to the local file
> system anyway due to security conerns.
>
>
> _______________________________________________
> Enterprise mailing list
> Enterprise at mozilla.org
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit https://mail.mozilla.org/
> listinfo/enterprise or send an email to enterprise-request at mozilla.org
> with a subject of "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20180607/f7c61e24/attachment-0002.html>