Is user agent for mobile and ubuntu same for Mozilla?
check this list, mobile versions of the firefox browser contain strings like 'android' or 'maemo':
https://developer.mozilla.org/en/gecko_user_agent_string_reference
Related
My app is on Azure AD and I'm using the following code to request authentication on the Auth Service:
HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/Home/Index" }, WsFederationAuthenticationDefaults.AuthenticationType);
What happens is that this works in some browsers (there is no pattern) and sometimes it doesn't work in others.
When the application redirects to /home/index, sometimes the object User.Identity has the user's email but sometimes it has no information.
Why is this happening?
Seamless SSO doesn't work in private browsing mode on Firefox and Microsoft Edge browsers. It also doesn't work on Internet Explorer if the browser is running in Enhanced Protected mode.
For SSO implementation , please consider browser consideration doc published here
As per last update , here is supporting browser list
Mozilla Firefox (all platforms)
Mozilla Firefox doesn't automatically use Kerberos authentication. Each user must manually add the Azure AD URL to their Firefox settings by using the following steps:
Run Firefox and enter about:config in the address bar. Dismiss any notifications that you see.
Search for the network.negotiate-auth.trusted-uris preference. This preference lists - - Firefox's trusted sites for Kerberos authentication.
Right-click and select Modify.
Enter https://autologon.microsoftazuread-sso.com in the field.
Select OK and then reopen the browser.
Safari (macOS)
Ensure that the machine running the macOS is joined to AD. Instructions for AD-joining your macOS device is outside the scope of this article.
Google Chrome (all platforms)
If you have overridden the AuthNegotiateDelegateWhitelist or the AuthServerWhitelist policy settings in your environment, ensure that you add Azure AD's URL (https://autologon.microsoftazuread-sso.com) to them as well.
Google Chrome (macOS and other non-Windows platforms)
For Google Chrome on Mac OS and other non-Windows platforms, refer to The Chromium Project Policy List for information on how to whitelist the Azure AD URL for integrated authentication.
The use of third-party Active Directory Group Policy extensions to roll out the Azure AD URL to Firefox and Google Chrome on Mac users is outside the scope of this article.
Hope it helps.
When I use a service used for online authentication, I get an url to navigate to that will automatically open an app that is used for the passcode input.
The url is in this format:
bankid:///?autostarttoken=2a1b5e2c-c9fb-4402-1239-2a1619d655e9&redirect=null
The navigation to this kind of urls do only make sense on a mobile unit where a certain app is installed.
Nevertheless, desktop browsers (not everyone) also try to navigate to such an url, like it would ever be possible. That of course results in an error page.
Why do they do that?
Do I need to use a hidden form?
Will every mobile unit honor that?
The custom URL scheme is used to be able to start an application locally, in this case the BankID client which handles the 2FA.
This works nicely on both mobile and desktop, as long as the custom url scheme is registered. AFAIK for mobile, if the URL scheme is not registered locally, it will query the appstore and let the user install from there. The BankID is available for both iPhone and Android in the appstore. On Windows it also query the appstore, but the BankID client is not available as Windows App, so it has to be installed manually from https://install.bankid.com. On Mac I have no idea if it queries the app store, but I know it has to be installed manually from https://install.bankid.com
Android, iPhone, Windows Phone, Windows mobile, Windows XP and later, MacOSX all honors the custom URL scheme but it also need to be honored by the browser, which all the major browsers do.
Historically, before mobile, we used to start programs using the NSS plugin support in the browsers. NSS plugin support was removed by the browsers since it was easy to mis-use from a security point of view.
That's why the custom URL schemes are used.
As you can read about in the BankID relying party guidelines, there is a transition to use https://app.bankid.com links to start the client instead. Basically, that's just a custom url scheme similar to bankid:// but registers both protocol (https://) and host (app.bankid.com), which then starts the app. This has the added benefit that if a user who hasn't got the client installed and is not able to find the client via a appstore or similar, will get the web site available, which then can help the user to install the client.
As the idea of an applink is to let the user navigate to the website if the URL is not registered locally, don't hide the navigation.
I used the HTML Code provided by Twitter (https://publish.twitter.com/).
The given code is like
<a class="twitter-timeline" href="https://twitter.com/TwitterDev">Tweets by TwitterDev</a><script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
this code is embedded in an XPages and the XPages is displayed in XPinc
For some IBM Notes client (seems only the version 9.0.0), the timeline is not loaded.
With the 9.0.1+ version of the IBM Notes client, it works well.
Any idea ?
the pb was not due to the version of the Notes Client.
The Xpages was opened from a local replica.
The proxy congifuration did not allow to open the external websites (plateform.twitter.com) and the localhost (127.0.0.1) used for running the Xpages.
Changing the proxy setting in the location document by setting do not use proxy for localhost ip address solved the pb.
We need to access the intranet site called as "http://mysite/myapp".
And with using IE, every domain users can access the site without any prompt.
But, if the user try it with Chrome, the logon prompt shows at first. After entering credential just once, the prompt doesn't appear anymore for the access.
I'm just wondering any way to avoid the first-time logon prompt on Chrome.
And we don't want any chrome browser setting or shortcut for white listing per user. Because we can't handle many users Chrome one by one.
Any help will be appreciated.
Thanks.
Check the details of the Integration Authentication in this Chromium documentation:
http://www.chromium.org/developers/design-documents/http-authentication
With Integrated Authentication, Chrome can authenticate the user to an
Intranet server or proxy without prompting the user for a username or
password. It does this by using cached credentials which are
established when the user initially logs in to the machine that the
Chrome browser is running on. Integrated Authentication is supported
for Negotiate and NTLM challenges only.
Basically, execute Chrome with these switches to specify the auth schemes:
Chrome.exe --auth-server-whitelist="MYIISSERVER.DOMAIN.COM" --auth-negotiate-delegatewhitelist="MYIISSERVER.DOMAIN.COM" --auth-schemes="digest,ntlm,negotiate"
I tried running the command line but it wasn't working. I had to configure the same settings via the Windows Registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AuthSchemes"="basic,digest,ntlm,negotiate"
"AuthServerWhitelist"="*domain"
"AuthNegotiateDelegateWhitelist"="domain,server.domain.com"
Then I Killed Chrome (cmd line: TaskKill /im chrome.exe) and restarted chrome and tried again and voila. Everything worked as expected.
I switched to the iPhone user agent during which time I visited Google, then I changed back to the default Firefox one again. I cleared all of my history, cache and cookies but Google still thinks I am on a mobile device and insists on directing me to the mobile site. I have checked my user agent and it is definitely the correct one and I have removed every single cookie in Firefox.
How is Google remembering this information? Is there some other sort of mechanism apart from cookies that remembers user settings? It doesn't do it in any other browser.
I've seen some issues such as this on Firefox. Which add-on are you using to change the UA?
To be absolutely sure what the UA String you can Check you User Agent String
Also you can check for cookies using the Fire Cookie Add-On
Normally i can fix this issue by Closing the web browser and starting up a new instance of Firefox.
My other issue with Firefox is that it caches HTTP redirection rules from a website, so if i change a HTTP redirection rule on the server Firefox does not immediately pick this up - This problem is also fixed by closing the web browser.
I solved this problem in firefox by resetting my default agent:
Tools->Default User Agent->Default User Agent
and then going to:
Tools->Clear Recent History->Cache