SPNEGO unavailability and error handling
Simon Lundström
simlu at su.se
Fri Sep 27 08:46:14 EDT 2019
On Fri, 2019-09-27 at 08:24:49 +0200, Daniel Lutz wrote:
>Wessel, Keith [26.09.19 22:50]:
>> 1. The wiki is pretty clear about the potential negative user experience in Internet Explorer for users on devices not joined to the domain. It doesn't mention the user experience in other browsers, though. Does anyone know if other browsers simply report SPNEGO being unavailable and the IdP immediately displays the spnego-unavailable template?
>
>Other browsers like Firefox, Chrome and Safari are not affected. They
>just return an "Unauthorized" error to the IdP, so the IdP can handle
>this cleanly. (I've just put a short note to the documentation in the
>section "Configuration of an Activation Condition".)
>
>I don't know if Edge is affected, I can't test this myself.
Good news everyone!
I forced one of my co-workers to test with both Edge, EdgeHTML-based,
and Edge Chromium-base on a computer which is joined to our AD (which
currently isn't cross-realmed with our KDC where the IDP "lives") and
both of them tried NTLM and both failed with the ntlm.message message
and no ugly popup ala IE.
So I, for one, welcome our new IE-less future.
BR,
- Simon
____________________________________
Simon Lundström
Section for Infrastructure
IT Services
Stockholm University
SE-106 91 Stockholm, Sweden
www.su.se/english/staff-info/it
https://www.su.se/english/about-this-website/privacy-policy
More information about the users
mailing list