
Issue 677154


Issue metadata

Status: Fixed
Owner:
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Unable to setup sync with SAML login

Reported by alberto....@gmail.com, Dec 27 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/55.0.2883.87 Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce the problem:
1. navigate to chrome://chrome-signin
2. enter my corporate email
3. login through the company SSO
4. I get a "Service unavailable; try again later." popup message

What is the expected behavior?
The login should succeed and sync should be enabled.

What went wrong?
After a successful SAML login, the sync setup fails.

Did this work before? N/A 

Chrome version: 55.0.2883.87  Channel: stable
OS Version: Ubuntu 16.10 (Yakkety)
Flash Version: 

I tried disabling the "Enable new gaia password-separated sign in flow" flag as suggested in #571001, with no change.
 
Components: Services>SignIn
Cc: ew...@chromium.org bzanotti@chromium.org msarda@chromium.org
Labels: Needs-Feedback
The error message seems to indicate a transient error. Can you still reproduce this issue?

If you can, could you take a screenshot of the error message and of chrome://sync-internals?
Yes, I can reproduce it constantly. I've had this issue (even though with a different error message at times) since Chromium 53.

Attached screenshot with the error message and sync-internals page.

Thanks
error-message.png (17.8 KB)
sync-internals.png (141 KB)
For the record, the same process works with Chrome 55.0.2883.87.
The issue is specific to Chromium.
What are the keys that you're using when building Chromium?

>gn args out/Debug

What are the arguments for the following keys:
google_api_key
google_default_client_id
google_default_client_secret

Actually, I just realized that it may not be wise to put these private values on a public bug.

Please take a look at https://www.chromium.org/developers/how-tos/api-keys and use valid API keys with Chromium as otherwise signing in will not work.
I'm not building it, I'm using the Ubuntu 16.10 package (version 55.0.2883.87-0ubuntu1.16.10.1330)
Note that sync works fine with my personal google account (no SAML)
Cc: anthonyvd@chromium.org rogerta@chromium.org
Anthony/Roger: Do you guys know of any issue of signing in with a SAML account on a chromium build?
Can I ask you for a screenshot of the chrome://signin-internals page? I'd also like to see a trace produced by opening chrome://net-internals and then reproducing the bug. The network trace is especially important if you continue to see the "Service unavailable" error message.
Attached are screenshot and dump as instructed. Thanks
net-internals-log.json (711 KB)
Reposted signin-internals screenshot.
signin-internals.png (59.7 KB)
The client id for chromium-browser on Ubuntu was changed in August, which caused this bug to start happening. We have a whitelist for clients allowed to use the authentication flow used by SAML on Ubuntu; changing the client id caused the browser to be unrecognized as belonging to this whitelist. For now I think the thing to do is have them change the client id back. 
Status: ExternalDependency (was: Unconfirmed)
Thanks for the investigation on this issue. 
Does this mean I should open a bug on the Ubuntu Chromium package?
The bug is already open here: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1637957

To update the above, the client id for chromium-browser was changed because the old key was abused, so we'll have to update our internal whitelist. In the longer term, the whitelisted endpoint will be removed and SAML auth in chrome will use a different endpoint.

Comment 17 by s...@chromium.org, Jan 18 2017

Labels: -Needs-Feedback
Owner: pnoland@chromium.org
Assigning to pnoland to do whitelisting, leaving at external as it won't be a chromium CL.
Sync is working again for me as of today, thanks!

Comment 19 by s...@chromium.org, Jan 19 2017

Status: Fixed (was: ExternalDependency)
