Setting accepted language header in Capybara + Selenium + Chrome - capybara

I'm using Capybara, Selenium and Chrome in my code and I just realized that the code is failing on machines with non-English locales (because Chrome is requesting the pages in different languages).
How can I force English as the only accepted language?

You need to set the profile preference through options or a dedicated profile class in the driver registration:
profile = Selenium::WebDriver::Chrome::Profile.new
profile['intl.accept_languages'] = 'en'
# Pass any other driver options alongside profile:
Capybara::Selenium::Driver.new(app, browser: :chrome, profile: profile)

Related

krpano virtual tour asks credentials every changing scene in Linux Apache from iOS

CentOS 7 - Apache 2.4.
I have a subdomain whose public directory is password protected.
.htaccess:
AuthUserFile "/path-to-/.htpasswd"
AuthType Basic
AuthName "MMMMM"
require user a b c d
Options +Indexes
User selects a directory to load a krpano virtual tour.
It works okay from some desktop browsers and from an old Android version.
But from iOS 13 (iPhone & iPad) in every change of scene it is asking me for username and password.
I'm not sure if this is the best site for this question, maybe it should be moved.

Why authentication works in some browsers but not in others

My app is on Azure AD and I'm using the following code to request authentication on the Auth Service:
HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/Home/Index" }, WsFederationAuthenticationDefaults.AuthenticationType);
What happens is that this works in some browsers (there is no pattern) and sometimes it doesn't work in others.
When the application redirects to /home/index, sometimes the object User.Identity has the user's email but sometimes it has no information.
Why is this happening?
Seamless SSO doesn't work in private browsing mode on Firefox and Microsoft Edge browsers. It also doesn't work on Internet Explorer if the browser is running in Enhanced Protected mode.
For SSO implementation, please consider browser consideration doc published here
As per last update, here is supporting browser list
Mozilla Firefox (all platforms)
Mozilla Firefox doesn't automatically use Kerberos authentication. Each user must manually add the Azure AD URL to their Firefox settings by using the following steps:
Run Firefox and enter about:config in the address bar. Dismiss any notifications that you see.
Search for the network.negotiate-auth.trusted-uris preference. This preference lists Firefox's trusted sites for Kerberos authentication.
Right-click and select Modify.
Enter https://autologon.microsoftazuread-sso.com in the field.
Select OK and then reopen the browser.
Safari (macOS)
Ensure that the machine running the macOS is joined to AD. Instructions for AD-joining your macOS device are outside the scope of this article.
Google Chrome (all platforms)
If you have overridden the AuthNegotiateDelegateWhitelist or the AuthServerWhitelist policy settings in your environment, ensure that you add Azure AD's URL (https://autologon.microsoftazuread-sso.com) to them as well.
Google Chrome (macOS and other non-Windows platforms)
For Google Chrome on Mac OS and other non-Windows platforms, refer to The Chromium Project Policy List for information on how to whitelist the Azure AD URL for integrated authentication.
The use of third-party Active Directory Group Policy extensions to roll out the Azure AD URL to Firefox and Google Chrome on Mac users is outside the scope of this article.
Hope it helps.

Prevent web browser to try to navigate to unknown URL scheme

When I use a service used for online authentication, I get an url to navigate to that will automatically open an app that is used for the passcode input.
The url is in this format:
bankid:///?autostarttoken=2a1b5e2c-c9fb-4402-1239-2a1619d655e9&redirect=null
Navigation to this kind of URL only makes sense on a mobile unit where a certain app is installed.
Nevertheless, desktop browsers (not everyone) also try to navigate to such an url, like it would ever be possible. That of course results in an error page.
Why do they do that?
Do I need to use a hidden form?
Will every mobile unit honor that?
The custom URL scheme is used to be able to start an application locally, in this case the BankID client which handles the 2FA.
This works nicely on both mobile and desktop, as long as the custom URL scheme is registered. AFAIK for mobile, if the URL scheme is not registered locally, it will query the appstore and let the user install from there. The BankID is available for both iPhone and Android in the appstore. On Windows it also queries the appstore, but the BankID client is not available as a Windows App, so it has to be installed manually from https://install.bankid.com. On Mac I have no idea if it queries the app store, but I know it has to be installed manually from https://install.bankid.com
Android, iPhone, Windows Phone, Windows mobile, Windows XP and later, and MacOSX all honor the custom URL scheme, but it also needs to be honored by the browser, which all the major browsers do.
Historically, before mobile, we used to start programs using the NSS plugin support in the browsers. NSS plugin support was removed by the browsers since it was easy to misuse from a security point of view.
That's why the custom URL schemes are used.
As you can read about in the BankID relying party guidelines, there is a transition to use https://app.bankid.com links to start the client instead. Basically, that's just a custom URL scheme similar to bankid:// but registers both protocol (https://) and host (app.bankid.com), which then starts the app. This has the added benefit that a user who hasn't got the client installed and is not able to find the client via an appstore or similar will get the web site available, which then can help the user to install the client.
As the idea of an applink is to let the user navigate to the website if the URL is not registered locally, don't hide the navigation.

Rails session expires when app is closed in iOS Chrome and Safari

Session doesn't get saved and expires when app or tab is closed using mobile Safari or Chrome. On the other hand, it works just fine on desktop browsers.
Below is the only session configuration.
config/initializers/session_store.rb
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, {
key: '_myapp_session',
domain: :all
}
Ruby: v2.3.0
Rails v4.2.8
Thank you for all your help.
A couple things to try:
Check that you don't have "Private browsing mode" set on your mobile devices
Make sure your key is something unique and isn't literally '_myapp_session'
Make sure secret_token/secret_key_base (depending on rails version) is set to a unique value
Experiment with specifying the exact domains you want instead of using :all (This is just something to test; I don't know if mobile browsers would cause a poor interaction in this case.)
Are you not using standalone applications (webapp, but with a home screen icon)? Standalone apps don't retain even persistent cookies, so anytime you close a standalone app, all session info is lost.
Also session cookies are not supposed to be persistent (should not have an expiry date, and by default they don't). A non-persistent cookie is supposed to be removed when the browser (or tab) is closed. So in fact iOS works correctly.
I think if you want to make it persistent, you can by adding expire_after: 14.days or similar. Be aware what this means though! It is considered a security risk, because such cookies will be written to disk, reopening a browser will grant access to an application if the user did not actually log out, etc.
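The session-versus-persistent distinction described in the answers above can be checked directly on the Set-Cookie header the application emits. The following is an added example, not code from the original posts; the helper name classify_cookie and the sample header values are constructed for illustration.

```ruby
require 'time'

# Classify one Set-Cookie header value: a cookie with no Expires/Max-Age is a
# session cookie (dropped when the browser closes); otherwise it persists.
def classify_cookie(header, now: Time.now)
  pair, *attrs = header.split(';').map(&:strip).reject(&:empty?)
  name = pair.split('=', 2).first
  attributes = attrs.to_h do |attr|
    key, value = attr.split('=', 2)
    [key.downcase, value]
  end

  # Max-Age wins over Expires when both are present (RFC 6265, section 5.3).
  lifetime =
    if attributes['max-age'].to_s.match?(/\A-?\d+\z/)
      attributes['max-age'].to_i
    elsif attributes['expires']
      begin
        (Time.httpdate(attributes['expires']) - now).round
      rescue ArgumentError
        nil # unparseable date: treated here as if the attribute were absent
      end
    end

  kind = if lifetime.nil? then :session
         elsif lifetime.positive? then :persistent
         else :expired
         end

  warnings = []
  if kind == :persistent
    warnings << "stored on disk for #{lifetime / 86_400} days; survives browser restart"
    warnings << 'missing Secure' unless attributes.key?('secure')
    warnings << 'missing HttpOnly' unless attributes.key?('httponly')
  end
  { name: name, kind: kind, lifetime: lifetime, warnings: warnings }
end

# Constructed sample headers (not captured from a real application).
NOW = Time.utc(2024, 3, 1, 12, 0, 0)
DEFAULT_COOKIE = '_myapp_session=abc123; path=/; HttpOnly'
PERSISTENT_COOKIE = '_myapp_session=abc123; path=/; ' \
                    'expires=Fri, 15 Mar 2024 12:00:00 GMT; HttpOnly'

[DEFAULT_COOKIE, PERSISTENT_COOKIE].each do |header|
  p classify_cookie(header, now: NOW)
end
```

The second sample models what a 14-day expire_after would produce; the first models the default session cookie that iOS discards on close.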

Any difference in User agent for mobile browser and ubuntu

Is the user agent for mobile and Ubuntu the same for Mozilla?
Check this list; mobile versions of the Firefox browser contain strings like 'android' or 'maemo':
https://developer.mozilla.org/en/gecko_user_agent_string_reference
