Adobe-CEP / CEP-Resources

Tools and documentation for building Creative Cloud app extensions with CEP
https://www.adobe.io/apis/creativecloud/cep.html

Problems using Windows Authentication #88

Open bartvs opened 7 years ago

bartvs commented 7 years ago

Hi, we encountered a (pretty serious) problem accessing our web application from an extension using Windows Authentication. Besides the fact that the password is displayed as plain text (issue #62), it doesn't work at all in the current latest version of Photoshop CC 2014 (15.2.2) (CEPHTMLEngine 5.2.0.54). The problem is that the user is prompted only once, and when a wrong name or password is entered, this is apparently cached and sent over and over again to the server in response to the 401 responses. As a result, users are immediately locked out of AD since there were too many tries with a wrong password.

This works fine in the Photoshop CC 2015 (CEPHTMLEngine 6.1.0.164). Actually it seems that all versions of the Adobe applications that are using the CEPHTMLEngine use different versions...

My question: Is this a known problem? Is this actually fixed in a later version of the CEPHTMLEngine? In which version? Will this fix be available in an update for CC 2014?

Even better... Please make a decent username/password dialog... We are now overloading the JavaScript prompt to make it a bit decent for the user.

Thanks
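
On the server side, the lockout pattern reported above appears as a burst of failed logons for one account from one client, faster than a person could type. A detection sketch, added here as an example that is not part of the original thread or of CEP; the record fields, sample data and thresholds are constructed assumptions:

```javascript
// Constructed, simplified failed-logon records (not real log data).
// The field names time/user/source are assumptions for this sketch.
const SAMPLE_FAILURES = [
  // A person mistyping a password twice, 35 seconds apart.
  { time: "2016-11-02T09:00:05.000Z", user: "alice", source: "10.0.0.21" },
  { time: "2016-11-02T09:00:40.000Z", user: "alice", source: "10.0.0.21" },
  // A client replaying one cached wrong password on every 401.
  { time: "2016-11-02T09:03:00.000Z", user: "bob", source: "10.0.0.37" },
  { time: "2016-11-02T09:03:00.300Z", user: "bob", source: "10.0.0.37" },
  { time: "2016-11-02T09:03:00.600Z", user: "bob", source: "10.0.0.37" },
  { time: "2016-11-02T09:03:00.900Z", user: "bob", source: "10.0.0.37" },
  { time: "2016-11-02T09:03:01.200Z", user: "bob", source: "10.0.0.37" },
  { time: "2016-11-02T09:03:01.500Z", user: "bob", source: "10.0.0.37" },
];

// Report each (user, source) pair whose failures reach minFailures inside
// any sliding window of windowMs: machine-speed retries, not typing errors.
function findReplayBursts(events, { minFailures = 5, windowMs = 10000 } = {}) {
  const timesByKey = new Map();
  for (const e of events) {
    const key = JSON.stringify([e.user, e.source]);
    if (!timesByKey.has(key)) timesByKey.set(key, []);
    timesByKey.get(key).push(Date.parse(e.time));
  }
  const bursts = [];
  for (const [key, times] of timesByKey) {
    times.sort((a, b) => a - b);
    let start = 0;
    let best = null;
    for (let end = 0; end < times.length; end++) {
      // Shrink the window from the left until it spans at most windowMs.
      while (times[end] - times[start] > windowMs) start++;
      const count = end - start + 1;
      if (count >= minFailures && (best === null || count > best.count)) {
        best = { count, spanMs: times[end] - times[start] };
      }
    }
    if (best !== null) {
      const [user, source] = JSON.parse(key);
      bursts.push({ user, source, ...best });
    }
  }
  return bursts;
}

console.log(findReplayBursts(SAMPLE_FAILURES));
```

Setting `minFailures` below the domain's account lockout threshold lets the alert fire before the account is locked.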

akibnavidkhan commented 7 years ago

Hi,

- Yes, this is a known problem; the workflow for credentials is improved and the problem is fixed in v6.1 and later.
- I am not sure if there is an update planned for Photoshop CC 2014.
- We have added a native username/password dialog in CEP for credentials, and it will be available in the 2017 release.

bartvs commented 7 years ago

Thanks for your quick response. Happy to hear that it is indeed fixed in 2015 (CEP6) (we noticed that, but now we're sure). Also happy with the fact that it will be improved in CC 2017 (CEP7)

However, we're stuck with the bug in the CC 2014 version. We have a work around for the ugly credential prompt problem, but not for the bug that makes it not work at all.

Please take this into consideration for a next CC 2014 update! It would help us a lot. Our clients have a pretty large installed base of CC 2014 and it will take a while before they can update to 2015.

What can I do to ask for a CC 2014 fix? Open an official support ticket?

Thanks!

bbb999 commented 7 years ago

No CC 2014 updates are planned, for any Adobe application.

I'd recommend working with the customer to address/remove any issues that are keeping them stuck in obsolete versions.

Perhaps the Photoshop product team can offer more specific guidance.

bartvs commented 7 years ago

Well the last version of the CEPHtmlEngine (5.2.0.54) is from Oct 14 this year. This was in a Photoshop CC 2014 update very recently. So apparently updates are still coming...

I don't think that only one production version behind can be called 'obsolete' versions

edit: (I actually might be wrong here... I could have been installing a version that has been long out)

bbb999 commented 7 years ago

Fair enough; I meant 'obsolete' as in "not current, not the recommended or best available version, already replaced and improved upon..."

I'm sure the customer had good reasons for failing to stay current; since you know a fix is available in more current versions, perhaps it's time they revisit the pros and cons of using old versions, to see whether the improvements outweigh whatever pain they think they're avoiding by staying with old versions.

bartvs commented 7 years ago

@akibnavidkhan:

"-We have added native username/password dialog in CEP for credentials and will be available in 2017 release."

Just tested with the latest available versions (already released CEP version 7.0.0.59) and did not see any improvement... It still comes up with the JavaScript prompt asking first for the user name and a second time for a password (in plain text).

So... is there a change to be expected?

Thanks, bart

akibnavidkhan commented 7 years ago

The latest CEP version available for Photoshop CC 2017 is 7.0.0.67 and it still has the JavaScript prompt. New changes will be included in the mid 2017 release.

bartvs commented 7 years ago

Thanks for your quick reply

bartvs commented 7 years ago

So... just as a follow up on this topic

Yeah, fixed in the latest release... BUT....

As WinkyW also mentioned, why is it built so every panel and every dialog needs to log in separately? This is really killing us. We had a (bit of a hack) workaround, but that is no longer possible in the new 'fixed' version :/

Are we really the only ones struggling with this? It's not uncommon to have multiple panels and dialogs in one extension, right? So why is there no option to have the authentication shared in any way?

Can anyone share his or her thoughts on this?

Thanks!

zhangusc commented 7 years ago

@bartvs You can have a separate extension/dialog to handle the login and send credentials to all other extensions once logged in.

bartvs commented 7 years ago

@zhangusc Thanks for your suggestion, but not possible since we do not have the credentials. In case of Windows authentication, it's not our login dialog. CEP (Chromium I guess) handles the authentication whenever you load some page or resource that requires authentication. (which was the fix for the original problem)

What should be shared between panels/dialogs (from the same extension) are cookies or whatever is cached to manage the authentication.

Your suggestion is already part of our workaround, but this involves also a server side authentication module to bypass the standard NTLM or Kerberos or whatever authentication (no expert in this)