[IdP Mobile] Login not work on Android

Forge Component
(2)
Published on 7 Jan (2 weeks ago) by Telmo Martins
2 votes
Published on 7 Jan (2 weeks ago) by Telmo Martins

HI,

We have a strange issue with login via IdP Mobile. This issue appears only on Android devices, and it stars to occur the same day on UAT and DEV environment. UAT and DEV build are different. We asked SSO team if, there were any changes, that may affect the application, they said - no.

Seems that there is some problem with cookies/ redirects.

Please find screenshots below:

IOS (works normally):

Android (doesn't work):

We've got exactly the same problem, IOS is working properly. Android just gives back a ' Login cancelled', also in the IDP Mobile Sample. We've made no updates to the app. This problem exists on all environments (dev, test and production)

Hi,

I cannot reproduce it in my end. Is this happening in the latest version?

Are you able to check on which WB action of SamlLogin WebBlock is this occurring?

Regards

We're working with OutSystems 10, IdP Mobile version 2.0.1 and IdP version 3.5.2

We weren't able to debug it entirely but I believe it was happening on the 'InAppBrowserOnExit' action where the WasCancelled boolean was True

Telmo Martins wrote:

Hi,

I cannot reproduce it in my end. Is this happening in the latest version?

Are you able to check on which WB action of SamlLogin WebBlock is this occurring?

Regards

We also use Outystems 10, but IdP Mobile is 1.0.0

I have tried to debug, but still can't figure out where the issue occurs.

Put logger to "InAppBrowserOnLoadStart" and on Android we don't reach "UserLogin_Mobile".

So my assumption will be, that this may happen on loadStart/loadstop.


Regards

Hi,

Checking your printscreen of console on Android in more detail, something is not right. After the last loadstop event (from your IdP server) you must be redirected back to the IdP component to perform login on IdP side first and you are not. If you not changed anything on IdP side, something may have changed on IdP server side. 

Would say to check and put some additional logger on InAppBrowserOnLoadError WB action to find out if for some reason any redirect on the InAppBrowser is failing.


For instance, I got as expected in Android:

Regards


We are having the exact same issue. Haven't updated the app at all. Its showing up in the Dev, Test and Production environments. We have not updated the app, IdP, IdP Mobile. It just started showing up in the Android app but the iOS app works fine. Has anyone been able to find the issue or a work around?


Hi,

Are you using the latest version of InAppBrowserEvents?

Regards

Telmo Martins wrote:

Hi,

Are you using the latest version of InAppBrowserEvents?

Regards

We are using InAppBrowserEvents version 0.9.1, the newest version is 0.9.2 but that's just a direct upgrade for OutSystems 11

Hi Ruben,

Ok, that's also the same I've used to test. When the modal opens you are able to see the login screen and then some problem occurs after you enter the user/password? Or you are never able to see the login screen on the modal?

Regards

Hi Telmo,

I do see the login screen and I'm able to enter the necessary details. Just after Logging in the browser shows a '404 not found' really fast and then closes. After that i see the message 'Login cancelled'. At first I thought it was a problem with the IdP settings but that wouldn't be logical because the login works properly on IOS.

Regards

Telmo,


We are using InAppBrowserEvents version 0.9.1 also.


Ruben,

This page is    yourEnviroment/IdP/__CLOSE_THIS_THING__


So basically, as I understand instead of receiving cookies and proceed to IdP Issuer ( SSO.aspx) we go to the previous page and then to exit page.


Could it be connected with GIT repository, described in "InAppBrowserEvents" settings?

Regards

Hi,

If you are using the default messages (also the ones on IdP Mobile sample) that specific message "Login cancelled" only occurs in one scenario: the inAppbrowser had throw the exit event (which is when receives an URL that contains "__CLOSE_THIS_THING__" or the user manually closes the modal) and that event was triggered before the login process ends on the IdP component side.

What were the last logs on the device? Also at any times the idP receive any request for SSO.aspx?

If you have any sandbox where you can replicate the issue and could share it also let me know.

Regards

Hello,

Chiming in for the same issue: login is not possible with Android 7.0 or later. We are using IdP + IdP Mobile against Azure AD. This behaviour started simultaneously on all our environments and was first noticed somewhere around christmas (exact pinpointing is difficult because holidays and low use / no reports).

Our InAppBrowser plugin is using the latest tagged version from OutSystems GitHub repo:(https://github.com/OutSystems/cordova-plugin-inappbrowser/releases/tag/3.0.0-os)

I debugged this with chrome://inspect tooling to get better view how requests are going in and out within the InAppBrowser WebView, here's the result log:

Relevant findings:

  1. ProcessAuth is response from Azure AD after successful login, SAML response has a correct destination element which redirects to our /Idp/SSO.aspx
  2. SAML message processing goes as it should, request is recognized to be originating from mobile device by querying SAML logs.
  3. ExternalURL call at the end of Idp screen preparation (/IdP/SSO.aspx) is done correctly, to IdP/MobileCloseInAppPoint.aspx with token as url parameter
    1. Here is what Android does something differently:
    2. IdP Mobile / InAppBrowser loadstart event is not triggered for this request
  4. MobileCloseInAppPoint expects IdP mobile has done it's thing and calls the special url __CLOSE_THIS_THING__, which triggers loadstart event

We tried manipulate the status codes in SSO.aspx and MobileCloseInAppPoint.aspx, but had no results.

Another thing we've tried was to return a complete url from SSO.aspx, but again, no results.

I tried to get get the same network log from iOS using https://github.com/RemoteDebug/remotedebug-ios-webkit-adapter, but this is not possible at least for me. Based on the logs I do have, on iOS devices, InAppBrowser loadstart event is triggered for MobileCloseInAppPoint.aspx and therefore login process goes as expected.

Do we have any ideas what has changed to stop this event being triggered?

br,

-Mikko(N)


Some more additions:

  • Error start occurs near 11-12th of December for us.
  • IOS works as the Web version of IdP. I Use for log review Outsystems Now. It's not very correct to use it, but still, the issue can be reproduced.
  • When I create a dummy application with InAppBrowser, that go to the Web Application (Simple Web Page with SSO): 
    • Login works fine. Means that we can access this page.
    • Logs show, that issue still appears.
  • Try to use OutSystems GitHub Cordova InAppBrowser v1.7 - still the same.
  • The issue can be reproduced even on Android 5.


Telmo,

Unfortunately, we haven't Sandbox to test.


Seems that issue appears on any:

  •  Android devices regardless of version, 
  • Any SSO Provider (OKTA, Azure), 
  • Any IdP modules version (but probably same  InAppBrowserEvents version 0.9.1)
  • Almost at the same time (2nd half of December).


regards

Solution

Hi Mikko,

Just to make sure that the issue it's not the redirect, try to do the following:

- On IdP - MobileCloseInAppPoint preparation: replace the ExternalURL widget by a End widget

- On IdPMobile - SamlLogin InAppBrowserOnLoadStart action: before the LoginSuccess trigger, call the inAppBrowserRef_Close action. Also call the same action on the Exception flow before calling the trigger as well.

PS - Sergiy please try also this change. I cannot reproduce it with the latest version of the components with OKTA (oktapreview.com) on Android 8.0.0

Regards

Solution

Telmo Martins wrote:

Hi Mikko,

Just to make sure that the issue it's not the redirect, try to do the following:

- On IdP - MobileCloseInAppPoint preparation: replace the ExternalURL widget by a End widget

- On IdPMobile - SamlLogin InAppBrowserOnLoadStart action: before the LoginSuccess trigger, call the inAppBrowserRef_Close action. Also call the same action on the Exception flow before calling the trigger as well.


Regards

Hi,

After replacing externalUrl widget with End widget @ IdP / MobileCloseInAppPoint Preparation, loadStart event is now correctly triggered and IdP Mobile event handler picks the MobileCloseInAppPoint.aspx URL

After successful login, inAppBrowser can be closed using the explicit close action at Idp Mobile - SamlLogin - InAppBrowserOnLoadStart action.

For Android, issue seems to be resolved with these actions, some cleanup work is probably needed.

I tested these changes with iOS 10 and everything seems to be good in there, too.

Thanks,

-Mikko(N)

Telmo Martins wrote:

Hi Mikko,

Just to make sure that the issue it's not the redirect, try to do the following:

- On IdP - MobileCloseInAppPoint preparation: replace the ExternalURL widget by a End widget

- On IdPMobile - SamlLogin InAppBrowserOnLoadStart action: before the LoginSuccess trigger, call the inAppBrowserRef_Close action. Also call the same action on the Exception flow before calling the trigger as well.

PS - Sergiy please try also this change. I cannot reproduce it with the latest version of the components with OKTA (oktapreview.com) on Android 8.0.0

Regards

This also worked for us, thanks! We also checked Android and IOS, both are working fine now.

Thanks again,


Ruben


Works fine for me also.

Only thing, that on SamlLogout we need to manually close inAppBrowser browsers after all redirects.

But if we do the same for SamlLogout will help:

- On IdPMobile - SamlLogin InAppBrowserOnLoadStart action: before the LoginSuccess trigger, call the inAppBrowserRef_Close action. Also call the same action on the Exception flow before calling the trigger as well.


I think we can mark the problem as resolved.

Many thanks!

Hi,

Great news, in the next days I'll upload a new version of both components with this fix.

Regards

wow news is update very fast


Visit Us : http://www.indoking77.com (Agen Bola Resmi)


Indoking77 Merupakan Agen Bola Resmi yang menyediakan Judi taruhan bola di SBOBET maupun MAXBET/IBCBET dan
bukan hanya itu saja Indoking77 juga menyediakan berbagai permaian Kartu Remi seperti Poker Online, Baccarat Online,
Dragon bonus, dan lain-lain. Ada Juga permainan Tembak Ikan Online , Roulette Online, Bingo Online, Sicbo Online.

Hi,

New versions uploaded. Please let me know if it still occurs. I was able to also reproduce the issue in one device, and the change also fix it on that case.

idP Mobile it's a single upload that serves P10 and P11.
For IdP 4.0.2 for P11 and 3.5.4 for P10.

Regards