Jérôme, can you try to reproduce it, please?

Hello Elliott

It looks like the SAML flow is broken for 2FA. What is your 2FA? Do you know if there is a way for us to get an account on this domain so we can reproduce it?
Do you know how to get logs from the Chrome console? Is there anything relevant?

Thanks,

Hello Elias,

Do you have idea how to debug that issue?

Thanks,

I am familiar with saving logs, but I am not sure what I am looking for or what you would need.  I'm happy to help diagnose if you can steer me toward the type of information that would be most helpful.

We use Duo Security as our two-factor authentication provider.  https://duo.com/

Please bear in mind that I am a tech-savvy end user, not a hard-core developer.  I will help as much as I can.

Thanks for the report, Elliott. +Mihai - do we have any POCs on the SAML side of things that we could loop in?

I think we need to follow-up the SAML issue internally with Gaia engineers. I'll send them an email about this.

Internal bug b://36771209

We believe this is a problem with the it.edu Identity Provider- the ID provider does not finish the sign-in flow. I think you should open this bug with them (not with Chromium).

I'm sorry, but I'm not sure what that means.

If you're saying it's a problem with IU.edu, I do not know how that could be.  I have been able to do this in the past in a previous version of Chrome.  In fact, I am on a different computer and am signed in right now.

There is also no problem with the 2FA in a standard HTTP page - it's only the chrome://chrome-signin page that this fails.

If there is any logging or other detail that I can provide, please let me know what you need.

We have tested with an internal test Saml domain we use and it worked fine for the chrome://chrome-signin works.
chrome://chrome-signin uses a special context (WebUI) for additional security (for example, the cookie store is separate from the main cookie store). I do not know how 2FA works on this site (or how Duo Security works), so I do not know what the requirements for this IdP are.

It is not clear to me how we can debug (or test this). I think the IdP is in a better position to debug this flow.

--Chrome Identity automated triaging--

This bug is Unconfirmed and has gone two weeks without any activity, so it is being closed as WontFix. Please re-open if this is still a valid and reproducible bug or feature request and mark it as Available. Please see https://goo.gl/78kbny for more details. Please remove the Services>SignIn or UI>Browser>Profiles components if this bug isn't related to Chrome Identity.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot