Dealing with links embedded in Excel
Kevin P. Foote
kpfoote at iup.edu
Wed Sep 28 18:44:45 BST 2011
Thanks Keith / Michael -
Wow! ..shib users list is reading my mind.. / todo list :-)
This is great info!
I've received reports of errors on this same issue.. stating that
in previous semesters links embedded in M$Office products worked.. but
now they don't.
I was getting ready to back rev my dev IdP to do more investigation
whether or not the move from 2.2.1 to 2.3.3 was the culprit.
Seems the OS / Office combo is the place to look .. now I'll point back
to the Windows 7 desktop upgrade :-)
Thanks again guys..
On Wed, 28 Sep 2011, Wessel, Keith William wrote:
-> Yes, this is a Microsoft issue, not a Shib issue. We've even seen it in our legacy SSO (non-Shib) setup. Microsoft tries to pass the blame to the SSO in this KB article:
-> But at least they consider it to be a known issue.
-> There is a registry hack that will tell Ofice apps to open the link in the browser and not Office. It's not ideal, though, since it does meana registry modification.
-> Good luck, and if anyone's found another way around this, I'd love to hear about it, too.
-> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of McDermott, Michael
-> Sent: Wednesday, September 28, 2011 12:13 PM
-> To: Shib Users
-> Subject: Dealing with links embedded in Excel
-> Dear Shib Users,
-> A crafty user has created a report that generates an excel file which will display a list of errors for their problem domain and a link to the specific record in the web application that manages that domain. The application is protected by shibboleth. All of the individual links work, they just do not work in when clicking them in Excel in Windows.
-> It seems that this problem is documented:
-> After some debugging, this is clearly an Excel problem, the root of which seems to be that Excel makes the initial http call and does not invoke the browser until it gets an http 200 response code (and in a normal interaction there would be a few redirects before you get to the login page). The effect is that the user's browser arrives at the Shibboleth IdP login screen, not knowing which SP this request is for and so the process fails after login. I have tried to work through this with both SP and IdP initiated AuthN and since they both use redirects, the error is the same.
-> On the surface it seems like there is a problem with Shibboleth, particularly since a diligent, non technical user will paste the link into their browser to confirm it works at all before calling.
-> As in the preceding posts, I do not have a work around in Excel (e.g. a way to make Excel open the browser and then pass in the link), so if someone does, please let me know.
-> At the very least this might server as a warning to others that this issue exists and your IdP works fine.
-> Michael J. McDermott
-> Lead Developer, Identity and Access Management
-> Brown University
More information about the users