|
Rank: Advanced Member Groups: Member
Joined: 7/17/2015 Posts: 54
|
Dear Support Team,
one of our customers recognized an issue with Multi Factor Authentication. MFA should be suppressed on some devices. When they launch their application in Chrome or Edge everything works fine. The exceptions pull and MFA remains suppressed. But if they load their application in our client using your browser in version 24.2.81, the MFA popup occurs even though they have set up exceptions on the server side.
In Azure the following exceptions are set:
- Require device to be marked as compliant (Windows 11 devices)
- Require Microsoft Entra hybrid joined device (Windows 10 devices)
- the device accesses from one of the defined IP address ranges
Are there some settings we could set for the WebBrowser, so that the MFA does not occur? Or does your browser have a different marking so it is not recognized as a Chromium browser?
Best regards!
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,392
|
Hi,
Please try the latest build and see if it works for you. The current version (v25) switched to a more integrated mode with the Chromium browser engine and thus inherited many more default Chromium behaviors; some of them might affect whether it is being recognized as a Chromium browser.
Thanks!
|
|
Rank: Advanced Member Groups: Member
Joined: 7/17/2015 Posts: 54
|
Hi,
thanks for your reply! Unfortunately the actual build doesn't work either.
But we have some more information: We compared the SAML2 requests of the different browsers in the customer's trace, and in the requests of your WebBrowser the device id is missing (like in Incognito mode), which they use for their MFA exceptions.
We found out that your browser seems to behave like Chrome or Edge in Incognito mode. In Incognito mode the SAML2 Authentication is not working.
Is there a way to configure the browser so that it doesn't behave like it does in incognito mode? Is it possible to configure session or token expiration?
Best regards!
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,392
|
Hi,
EO.WebBrowser does not use incognito mode. However, it does NOT share any cookies your system browser generates. So for example, if you log in through Google Chrome on the computer, whatever authentication credentials are saved by Google Chrome will not be shared with EO.WebBrowser. So when you visit the site with EO.WebBrowser, it will be as if you have never logged in with Google Chrome. Could this be the problem?
Thanks!
|
|
Rank: Advanced Member Groups: Member
Joined: 7/17/2015 Posts: 54
|
Hi,
we have new information about this topic. After a long time of research we found out that the issue is caused by a missing Device-ID in the authentication routine. The affected customers are using Microsoft Entra ID to enable SSO via PRT (Primary Refresh Tokens). It works in Chrome and Edge because they have the Microsoft Account plugin installed in their browsers. So the question is: Is it possible to install this plugin in your browser? More and more customers are having problems with this type of authorisation.
Thanks in advance!
Best regards!
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,392
|
Hi,
Version 25 should support extensions. The user would need to follow the same steps to install the extensions as in the Chrome browser. Have you tried to install the extension through EO.WebBrowser? Note that the installed extensions are stored in the Engine object's CachePath. So make sure you do not switch cache paths.
Thanks!
|
|
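A triage sketch for the situation discussed in this thread, added here as an example and not code from EO or from any poster: given sign-in records shaped like Microsoft Graph `signIn` entries, it reports which of the three exceptions listed in the first post a sign-in can satisfy, and flags MFA prompts that coincide with a missing device ID. The sample records, the trusted range and the function names are constructed, and the `trustType` string is an assumption about how the log renders a hybrid-joined device.

```python
import ipaddress

# Constructed sample records; field names follow the Graph signIn resource.
SAMPLE_SIGNINS = [
    {"id": "chrome", "ipAddress": "198.51.100.20",
     "authenticationRequirement": "singleFactorAuthentication",
     "deviceDetail": {"deviceId": "11111111-2222-3333-4444-555555555555",
                      "isCompliant": True, "trustType": "Azure AD joined"}},
    {"id": "embedded", "ipAddress": "198.51.100.20",
     "authenticationRequirement": "multiFactorAuthentication",
     "deviceDetail": {"deviceId": "", "isCompliant": False, "trustType": ""}},
    {"id": "embedded-office", "ipAddress": "203.0.113.7",
     "authenticationRequirement": "singleFactorAuthentication",
     "deviceDetail": {"deviceId": "", "isCompliant": False, "trustType": ""}},
]
TRUSTED_RANGES = ["203.0.113.0/24"]  # constructed stand-in for the defined IP ranges
HYBRID = "Hybrid Azure AD joined"    # assumed log value for a hybrid-joined device


def satisfiable_exceptions(signin, trusted_ranges):
    """Return which of the thread's three MFA exceptions this sign-in can meet."""
    dev = signin.get("deviceDetail") or {}
    has_id = bool(dev.get("deviceId"))
    matched = []
    # Device-based exceptions need a device identity to evaluate at all.
    if has_id and dev.get("isCompliant"):
        matched.append("compliant-device")
    if has_id and dev.get("trustType") == HYBRID:
        matched.append("hybrid-joined")
    ip = ipaddress.ip_address(signin["ipAddress"])
    if any(ip in ipaddress.ip_network(r) for r in trusted_ranges):
        matched.append("trusted-ip")
    return matched


def triage(signins, trusted_ranges):
    """Map each sign-in id to a verdict explaining the MFA outcome."""
    report = {}
    for s in signins:
        matched = satisfiable_exceptions(s, trusted_ranges)
        no_device = not (s.get("deviceDetail") or {}).get("deviceId")
        mfa = s.get("authenticationRequirement") == "multiFactorAuthentication"
        if matched:
            report[s["id"]] = "exception:" + ",".join(matched)
        elif no_device and mfa:
            report[s["id"]] = "mfa-no-device-identity"
        else:
            report[s["id"]] = "no-exception-applies"
    return report
```

Run over exported sign-in records for the same user from both browsers, a `mfa-no-device-identity` verdict on the embedded-browser entries points at the missing device ID rather than at the policy configuration.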