
Issue 606979

Starred by 4 users

Issue metadata

Status: Verified
Owner:
Closed: May 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Feature

Blocking:
issue 607234




Allow SAML logins to use the webcam

Project Member Reported by cernekee@chromium.org, Apr 26 2016

Issue description

When a GAIA account (such as adfs-test1@crosdev2.biz) is configured to use SAML authentication, the Chrome OS login screen will redirect to the customer's third-party site after entering the username.  Most current implementations ask for a company's Active Directory credentials or something similar.

But there is another use case we'd like to cover for EDU: login via QR codes.  In this setup, users will hold a badge with a QR code up to the webcam instead of having to memorize a login/password.  This is expected to be a popular option in elementary schools.

We would like to allow enterprise/EDU customers to optionally enable webcam support on the SAML login page through CPanel.  By default it will remain disabled.
 
Labels: M-52
We need to ensure only webcam and not audio is given. It seems media permissions on Chrome OS are given to both simultaneously?
Regarding the use of QR codes for login - what will prevent someone from making a photocopy of someone else's badge? 

Will a password still be required?

That's entirely up to IdPs (e.g. clever.com/badges). This change will simply give a policy to admins to allow video capture for a certain set of domains in the SAML flow.
Blocking: 607234
Project Member

Comment 5 by bugdroid1@chromium.org, May 3 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cfcb9306e198a4e56facc865a60f45ce6d28f1aa

commit cfcb9306e198a4e56facc865a60f45ce6d28f1aa
Author: cernekee <cernekee@chromium.org>
Date: Tue May 03 23:19:26 2016

Allow SAML logins to use the webcam

Add a new opt-in policy, LoginVideoCaptureAllowedUrls, that works in a
similar way to the existing VideoCaptureAllowedUrls policy.  SAML
login pages listed in the whitelist will be allowed to access the
webcam (no audio).  If the policy is unset or the list is empty, all
SAML login pages will be denied webcam access.

BUG= 606979 
TEST=whitelist https://clever.com via YAPS and verify with
     mo@clever.academy login

Review-Url: https://codereview.chromium.org/1936903002
Cr-Commit-Position: refs/heads/master@{#391390}

[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chrome/browser/chromeos/login/ui/webui_login_view.cc
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chrome/browser/chromeos/policy/device_policy_decoder_chromeos.cc
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chrome/browser/chromeos/policy/proto/chrome_device_policy.proto
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chrome/browser/chromeos/settings/device_settings_provider.cc
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chrome/browser/resources/gaia_auth_host/saml_handler.js
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chromeos/settings/cros_settings_names.cc
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/chromeos/settings/cros_settings_names.h
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/components/policy/resources/policy_templates.json
[modify] https://crrev.com/cfcb9306e198a4e56facc865a60f45ce6d28f1aa/tools/metrics/histograms/histograms.xml
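
The allow/deny rule stated in the commit message above, sketched as an added example (this is not Chromium's code and not part of the original thread). The function names, the exact-origin comparison used in place of the policy's URL pattern matching, and the narrowing of a combined audio+video request to camera only are assumptions of this sketch.

```javascript
'use strict';

// Reduce an allow-list entry or a requesting URL to its origin.
// Anything that is not a well-formed https URL yields null.
function httpsOrigin(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'https:' ? u.origin : null;
  } catch (e) {
    return null;
  }
}

// policyValue: list set in LoginVideoCaptureAllowedUrls (undefined when unset).
// requestUrl:  URL of the SAML page asking for media access.
// wants:       { audio, video } booleans describing what the page requested.
function decideLoginMediaRequest(policyValue, requestUrl, wants) {
  const deny = (reason) => ({ video: false, audio: false, reason });
  if (!Array.isArray(policyValue) || policyValue.length === 0) {
    return deny('policy unset or empty');
  }
  const origin = httpsOrigin(requestUrl);
  if (origin === null) return deny('requesting page is not https');
  // Assumption: exact origin comparison stands in for URL pattern matching.
  const allowed = policyValue.map(httpsOrigin).filter((o) => o !== null);
  if (!allowed.includes(origin)) return deny('origin not in allow-list');
  if (!wants.video) return deny('audio-only request');
  // Assumption: a combined audio+video request is narrowed to camera only.
  return { video: true, audio: false, reason: 'origin in allow-list' };
}

// Constructed sample requests (not taken from the issue).
const samplePolicy = ['https://clever.com'];
const samples = [
  ['https://clever.com/badges', { audio: false, video: true }],
  ['https://clever.com/badges', { audio: true, video: true }],
  ['https://clever.com.example.net/', { audio: false, video: true }],
  ['http://clever.com/badges', { audio: false, video: true }],
];
for (const [url, wants] of samples) {
  console.log(url, JSON.stringify(decideLoginMediaRequest(samplePolicy, url, wants)));
}
```

The third and fourth samples show why the comparison is made on the parsed origin rather than on a string prefix: a host that merely begins with an allowed name, or the same host over plain http, is denied.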

Cc: krishna...@chromium.org
Please provide automated unit and integration tests.
Cc: emaxx@chromium.org
Labels: -Pri-2 Pri-1
Two additional requirements from legal were

1. Proper UI attribution for video flow <https://codereview.chromium.org/1966853002/>

2. Timeout to reset login flow <https://codereview.chromium.org/1983433002>


To ensure we don't complicate the implementation too much, we are fine with the timeout applying to all SAML flows (video and non-video) and setting it at three minutes.

Comment 9 by emaxx@chromium.org, May 18 2016

When testing video capturing during SAML login on a real device (Toshiba), I noticed that the camera LED is still on after canceling the login. It only turns off when a new login process is initiated (before the video-requesting IdP page is reached). However, it may be a local problem with my device (as, in fact, I don't see the video capture on Clever.com's page).
Does anybody else see the same behavior?

Comment 10 by emaxx@chromium.org, May 18 2016

Cc: xiy...@chromium.org achuith@chromium.org
Re 9 - I reproduced the same on Pixel.
Looks like the SAML webview still works in the background even after the SAML flow is canceled.
Project Member

Comment 11 by bugdroid1@chromium.org, May 18 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a965a46038909b25ed0d7b14590c8d97df36f780

commit a965a46038909b25ed0d7b14590c8d97df36f780
Author: cernekee <cernekee@chromium.org>
Date: Wed May 18 20:03:11 2016

Add indication of camera use on SAML webcam logins

SAML logins on Chrome OS currently display a banner showing the
"authDomain" of the sign-in service.  If the sign-in service tries to
enable the user's webcam, change this banner to warn the user by
adding "is using your camera" verbiage and a red "recording" dot.

BUG= 606979 
TEST=manual
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/1966853002
Cr-Commit-Position: refs/heads/master@{#394519}

[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/app/chromeos_strings.grdp
[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/app/theme/theme_resources.grd
[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/browser/resources/chromeos/login/screen_gaia_signin.css
[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/browser/resources/chromeos/login/screen_gaia_signin.html
[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/browser/resources/gaia_auth_host/authenticator.js
[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/browser/resources/gaia_auth_host/saml_handler.js
[modify] https://crrev.com/a965a46038909b25ed0d7b14590c8d97df36f780/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc

Project Member

Comment 12 by bugdroid1@chromium.org, May 18 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/75619fb6b1c62cfce2ac70a0dab6c0e5ddbd1049

commit 75619fb6b1c62cfce2ac70a0dab6c0e5ddbd1049
Author: cernekee <cernekee@chromium.org>
Date: Wed May 18 22:14:03 2016

Add timeout for SAML webcam logins

In order to avoid leaving the camera on for extended periods of time,
ensure that SAML webcam logins time out after one minute.  This has
the same effect as clicking the "X" button.

BUG= 606979 
TEST=manual
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/1983433002
Cr-Commit-Position: refs/heads/master@{#394571}

[modify] https://crrev.com/75619fb6b1c62cfce2ac70a0dab6c0e5ddbd1049/chrome/browser/resources/chromeos/login/screen_gaia_signin.js

> Looks like the SAML webview still works in the background even after the SAML flow is canceled.

Same issue here on a Pixel 1 (link).  Should we just destroy the webview when the user cancels out?

I did notice that when the flow is restarted, the camera LED turns off.

In my testing I'm using a device that already has an owner set, and I'm clicking "Add person" to exercise the SAML flow.
And after powerwashing, I see that the camera is deactivated immediately upon canceling the SAML camera login and returning to the "Sign in to your Chromebook" dialog.
I think this only happens when pods exist on the login screen. So the cancel button is clicked, the webview is simply hidden but not transitioned back to accounts.google.com. When you click "Add Person" again, the webview URL is changed so the camera action is gone.

This is a bug we need to fix. The camera capture can effectively stay in the background in the event that the X sends the user back to the pods. When the flow is cancelled, the webview URL needs to be changed back to whatever it was.
M52 Branch is today. Is this work done?

Comment 17 by emaxx@chromium.org, May 19 2016

Status: Fixed (was: Started)
Marking this bug as fixed.

Re comments 9-10, 13-15: the fix for the bug will be tracked in a separate issue 613245.
Components: Enterprise
Status: Verified (was: Fixed)
Verified on Peppy: 8350.3.0;52.0.2743.0. Will add more notes.
