Issue metadata
Sign in to add a comment
|
Unable to sign-in with SAML
Reported by
kala...@gmail.com,
Oct 3
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.45 Safari/537.36 Steps to reproduce the problem: 1. Goto Settings 2. Click on Turn on Sync What is the expected behavior? Sign in sync. What went wrong? Since last two version of Chrome Beta, I am unable to sign into sync. Once I enter my credential it puts me at my landing page without signing me into sync account. Did this work before? Yes First Chrome Beta Chrome version: 70.0.3538.45 Channel: beta OS Version: 10.0 Flash Version:
,
Oct 4
,
Oct 4
Unable to reproduce the issue on win-10 using chrome reported version #70.0.3538.45 and latest canary #71.0.3569.0. Attached a screen cast for reference. Following are the steps followed to reproduce the issue. ------------ 1. Opened chrome and navigated to Settings. 2. Clicked on Turn on Sync and signed into account. 3. Observed that the account got synced without any issues. Note: Tested by setting #network-service flag at chrome://flags to default/enabled/disabled. Everytime the signed in account got synced. kalaria@ - Could you please check the issue on latest canary #71.0.3569.0 by setting #network-service flag at chrome://flags to enabled/disabled by creating a new profile without any apps and extensions and please let us know if the issue still persist or not. Thanks...!!
,
Oct 4
Hello, It was set to default. I set it to enabled and it still didn't work. It worked when I set it to disabled. Now its set back to default. Not sure what was causing the issue.
,
Oct 4
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 4
Also, note that I did that in Beta version and not Canary.
,
Oct 5
As per comment #4, it seems that google sign in sync worked properly when #network-service flag at chrome://flags is set to disabled. Hence, requesting some one from Internals>Network team to please have a look into the issue and removing the Needs-Bisect label as the issue is not reproducible from TE-end. kalaria@ - Could you please provide netlog dump by following steps in the below url: https://www.google.com/url?q=https://www.chromium.org/for-testers/providing-network-details&sa=D&source=hangouts&ust=1538802784313000&usg=AFQjCNFMWz5xGGU3iWFy_ScDQ3-dsmnUkw Thanks...!!
,
Oct 5
Hello, I can replicate the issue on the machine. If I sign-off and try to relogin with #network-service enabled I run into the same issue again. The only way it works for me is to turn of #network-service and relog and turn it back on. I took two dumps one with #network-service on and one with #network-service off. Thanks
,
Oct 5
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 5
Another log with network-service disabled which allows to login into google sync. Also note that once I am signed off and #network-service is enabled it doesn't allow me to login into Gmail, calendar, drive either. https://drive.google.com/open?id=19KuZUJ8pkthrdSToj3NkIWSHZoLEg-Ct - Can't attach it because the log is big 35 MB.
,
Oct 5
cc'ing jam and Dxie
,
Oct 5
Reilly: can you please take a look?
,
Oct 5
looking at the video by the reporter, it seems that the request is intercepted by an extension (looks like a blue circle on the corner). I'll figure out what that extension is and try to repro with that installed.
,
Oct 5
in the mean time, kalaria@gmail.com, can you let us know which extension you have installed? It seems there is a one that deals with sign in requests. If you can disable that one and give it a try, that'd help a lot.
,
Oct 5
,
Oct 5
kalaria@gmail.com: Can you try the following: Enable the network service in chrome://flags and disable Okta to see if you can log into sync?
,
Oct 5
kalaria@gmail.com: if you are blocked from your day-to-day workflow, please go to chrome://flags and set "enable network service" to disable. We are investigating this issue.
,
Oct 5
I have no clue how to disable okta. Its single sign-on probably set up in gsuites I am not running any addon. Yes, the workaround seems to work for now. Thanks
,
Oct 5
The Okta extension is using the webRequest API to intercept and modify requests. It is possible this is interacting poorly with the interception that the Chrome Signin code does for Google login pages.
,
Oct 5
This may also be a poor interaction with a domain configured for SAML login and not be Okta specific. Does our QA team have one of these set up for testing?
,
Oct 5
Copying my comment from https://bugs.chromium.org/p/chromium/issues/detail?id=879700#c5; if there's something I'm missing please let me know. I tried adding Okta to a personal domain that uses GSuite. Here's what I tried but I couldn't repro. Am I missing a step or doing something in the wrong order? Each of the cases below (a/b/c) were done in a fresh chrome profile after browser reboot and with network service enabled. A) sign in to browser with gsuite login install okta extension sign in to okta, from their site try to open gmail (gmail opens) B) sign in to okta (not to google) install okta extension try it to open gmail app (works) try to turn on sync (works) c) install okta extension sign in to browser I then went into the GSuite settings in Okta and turned on SSO through SAML, and also turned on SSO in GSuite security settings. I tried the above 3 scenarios and still couldn't reproduce.
,
Oct 6
Update: Reilly found out that: 1) this only happens in Beta, but not dev or canary (I was using canary) 2) this happens with and without the Okta extension installed @kalaria: can you please try this with canary/dev and see if it works there?
,
Oct 6
One more note: Since canary/dev work, I tried to bisect (with chromium): -trunk works -595531 and 595530 work (change that stopped sending non-navigation browser requests to webrequest) -587811 (revision at which 70 branched) works I could confirm that beta on Linux also doesn't work, while dev does. So I wonder if something got merged to beta branch which caused this to stop working?
,
Oct 6
Yes, it started happening after 2-3 Beta's ago from the current version. I will test out the dev/canary.
,
Oct 6
Ok good news is that Reilly went back in time and fixed this in https://chromium-review.googlesource.com/c/chromium/src/+/1207712, so we just need to merge that small cl.
,
Oct 6
,
Oct 6
Thanks past me! Requesting merge of the patch in comment 27 to M-71. This is code for the Network Service experiment and is not exercised with the Network Service disabled.
,
Oct 6
Ignore that. I see jam@ has requested merge on another issue.
,
Oct 8
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by kala...@gmail.com
, Oct 3