[Mozilla Enterprise] Capability Policy Pref for Local File Links Breaking IDP Initiated SAML sign-in
Mike Kaply
mkaply at mozilla.com
Thu Jun 7 20:34:35 UTC 2018
We have a tool called mozregression:
https://mozilla.github.io/mozregression/
That would be very helpful to find this out.
If you can recreate on Firefox 52, and you could track down what caused it,
that would be great.
Mike
On Thu, Jun 7, 2018 at 3:29 PM, Samuel Ambaye <Samuel.Ambaye at oakfnd.ch>
wrote:
> Thank you for looking into this. We did not have the issue with ESR FF 52
> x32 like we do now with FF 60 x64 but I have not tested on V52 with a
> clean/new profile like I have on V60.
>
>
> On 7 Jun 2018, at 22:02, Mike Kaply <mkaply at mozilla.com> wrote:
>
> I've looked into this and I can't find any reason why setting checkloaduri
> to enabled would cause this behavior.
>
> Is this a new behavior or did it happen on Firefox 52?
>
> Mike
>
> On Thu, Jun 7, 2018 at 10:58 AM, Samuel Ambaye <Samuel.Ambaye at oakfnd.ch>
> wrote:
>
>> Hi,
>>
>> Given Firefox 60 and that the following pref is added using about:config
>>
>>
>> capability.policy.localfilelinks.sites = http://www.example.com
>>
>>
>> When using an Identity Provider initiated SAML sign-in (on
>> www.example.com)
>> The system somehow changes a SAML HTTP method POST to method GET causing
>> the signing to fail.
>>
>> Work-Around: Set browser.tabs.remote.autostart to false.
>>
>> Notes: Apparently, others have reproduced this issue on other other sites
>> (Salesforce) and when using other Identity Providers (GSuite).
>>
>> My questions are:
>>
>> - Is capability.policy.localfilelinks.sites a supported configuration?
>> - Is this just a bug or is there a trade off between the preference
>> and the work-around.
>> - Any other / better work-arounds?
>>
>>
>> Any advice other than filing a bug report and disabling autostart?
>>
>> Best,
>> Samuel
>>
>> PS - The preference is used with the ones below
>>
>> - capability.policy.localfilelinks.checkloaduri.enabled and
>> - capability.policy.policynames
>>
>>
>> PSS - No issue in Chrome, which does not offer access to the local file
>> system anyway due to security conerns.
>>
>>
>> _______________________________________________
>> Enterprise mailing list
>> Enterprise at mozilla.org
>> https://mail.mozilla.org/listinfo/enterprise
>>
>> To unsubscribe from this list, please visit
>> https://mail.mozilla.org/listinfo/enterprise or send an email to
>> enterprise-request at mozilla.org with a subject of "unsubscribe"
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20180607/2bcd835a/attachment-0002.html>
More information about the Enterprise
mailing list