[Mozilla Enterprise] Capability Policy Pref for Local File Links Breaking IDP Initiated SAML sign-in

Samuel Ambaye Samuel.Ambaye at oakfnd.ch
Thu Jun 7 20:29:34 UTC 2018


Thank you for looking into this. We did not have the issue with ESR FF 52 x32 like we do now with FF 60 x64 but I have not tested on V52 with a clean/new profile like I have on V60.

On 7 Jun 2018, at 22:02, Mike Kaply <mkaply at mozilla.com> wrote:

I've looked into this and I can't find any reason why setting checkloaduri to enabled would cause this behavior.

Is this a new behavior or did it happen on Firefox 52?

Mike

On Thu, Jun 7, 2018 at 10:58 AM, Samuel Ambaye <Samuel.Ambaye at oakfnd.ch> wrote:
Hi,

Given Firefox 60 and that the following pref is added using about:config

capability.policy.localfilelinks.sites = http://www.example.com

When using an Identity Provider initiated SAML sign-in (on www.example.com)
The system somehow changes a SAML HTTP method POST to method GET causing the signing to fail.

Work-Around: Set browser.tabs.remote.autostart to false.

Notes: Apparently, others have reproduced this issue on other sites (Salesforce) and when using other Identity Providers (GSuite).

My questions are:

  *   Is capability.policy.localfilelinks.sites a supported configuration?
  *   Is this just a bug or is there a trade-off between the preference and the work-around?
  *   Any other / better work-arounds?

Any advice other than filing a bug report and disabling autostart?

Best,
Samuel

PS - The preference is used with the ones below

  *   capability.policy.localfilelinks.checkloaduri.enabled and
  *   capability.policy.policynames

PSS - No issue in Chrome, which does not offer access to the local file system anyway due to security concerns.
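
An added example, not part of the original thread and not Mozilla code: a check that confirms the reported symptom from a HAR capture exported from the browser's network tools, by verifying that the request to the service provider's assertion consumer URL is a POST carrying `SAMLResponse` in its form body. The `/saml/acs` path and the sample captures are constructed assumptions; the host is the one used in the thread.

```python
from urllib.parse import parse_qs, urlsplit


def _form_fields(request):
    """Names of form fields in a HAR request body (params list or raw text)."""
    post = request.get("postData") or {}
    names = {p.get("name") for p in post.get("params") or []}
    if "x-www-form-urlencoded" in (post.get("mimeType") or ""):
        names |= set(parse_qs(post.get("text") or "").keys())
    return names


def check_acs_requests(har, acs_url):
    """Return one finding per request sent to acs_url in a HAR capture.

    Under the SAML HTTP-POST binding the assertion must arrive as a POST
    with SAMLResponse in the body; anything else is flagged ok=False.
    """
    target = urlsplit(acs_url)
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        if (url.scheme, url.netloc, url.path) != (
            target.scheme, target.netloc, target.path
        ):
            continue  # not the assertion consumer endpoint
        in_body = "SAMLResponse" in _form_fields(req)
        findings.append({
            "method": req["method"],
            "saml_in_body": in_body,
            "ok": req["method"] == "POST" and in_body,
        })
    return findings


def _har(*requests):
    """Wrap request dicts in the minimal HAR structure (constructed data)."""
    return {"log": {"entries": [{"request": r} for r in requests]}}


ACS = "http://www.example.com/saml/acs"  # assumed ACS path, not from the thread
# Constructed captures: the expected flow, then the failure described above.
GOOD = _har({"method": "POST", "url": ACS, "postData": {
    "mimeType": "application/x-www-form-urlencoded",
    "text": "SAMLResponse=constructed-placeholder&RelayState=x"}})
BAD = _har({"method": "GET", "url": ACS})

if __name__ == "__main__":
    print(check_acs_requests(GOOD, ACS), check_acs_requests(BAD, ACS))
```

Capturing once with the preference set and once with the work-around applied, then comparing the findings, shows whether the method change happens in the browser before the request leaves the machine.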

