Closed bsdooby closed 10 months ago
Additional observation on this issue :
MacOs 14.1 SafeBrowser v3.3
Moodle logon page opens,
Moodle logon page opens,
Tier auth logon pages opens,
.seb config is with url filtering (see below)
Moodle logon page opens, Using tier Authentication and Authorization Infrastructure (Switch's Shibboleth):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>showTaskBar</key>
<true/>
<key>allowWlan</key>
<false/>
<key>showReloadButton</key>
<true/>
<key>showTime</key>
<true/>
<key>showInputLanguage</key>
<true/>
<key>allowQuit</key>
<true/>
<key>quitURLConfirm</key>
<true/>
<key>audioControlEnabled</key>
<false/>
<key>audioMute</key>
<false/>
<key>allowSpellCheck</key>
<false/>
<key>browserWindowAllowReload</key>
<true/>
<key>URLFilterEnable</key>
<true/>
<key>URLFilterEnableContentFilter</key>
<false/>
<key>URLFilterRules</key>
<array>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://wayf.switch.ch/SWITCHaai/*</string>
<key>regex</key>
<false/>
</dict>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://bfh.login.eduid.ch/idp/profile/SAML2/Redirect/*</string>
<key>regex</key>
<false/>
</dict>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://moodle.bfh.ch/mod/quiz/*</string>
<key>regex</key>
<false/>
</dict>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://moodle.bfh.ch/local/bfh_dual_login/index.php*</string>
<key>regex</key>
<false/>
</dict>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://moodle.bfh.ch/login/index.php</string>
<key>regex</key>
<false/>
</dict>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://moodle.bfh.ch/Shibboleth.sso*</string>
<key>regex</key>
<false/>
</dict>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://login.eduid.ch/idp/profile/SAML2/Redirect/SSO*</string>
<key>regex</key>
<false/>
</dict>
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://moodle.bfh.ch/auth/shibboleth*</string>
<key>regex</key>
<false/>
</dict>
</array>
<key>startURL</key>
<string>https://moodle.bfh.ch/mod/quiz/view.php?id=2083284</string>
<key>sendBrowserExamKey</key>
<true/>
<key>examSessionClearCookiesOnStart</key>
<false/>
<key>allowPreferencesWindow</key>
<false/>
<key>hashedQuitPassword</key>
<string>8577da2ea54085708b3b851bc50315a36bb740ba5135e747cfb12457b5d3060f</string>
<key>browserWindowWebView</key>
<integer>3</integer>
</dict>
</plist>
Hope that helps.
Does it work without URL filtering?
If yes, then you need to update your URL filters.
Hi @danschlet thanks for your feedback, Could you enlgiht us how/what should be changed (as the URL filtering works fine when launched from windows OS) ?
Cheers Bruno
As a reminder: If you use URL filtering and some SEB config doesn't work which works without URL filtering:
thanks a lot will try that.
And in general:
In general URL filter rules should by compatible between SEB for Windows and macOS. BUT the browser engines are not the same, and it's very much possible that a browser engine difference can cause an incompatibility. Also SEB for macOS and iOS can use two different versions of the WebKit browser engine for backwards compatibly. This depends on used SEB settings (or Moodle version if you're using the built-in Moodle SEB integration). The old classic WebView might not work at all with some modern websites/web applications.
There you go
[logs removed]
Found:
2023/11/17 10:15:30:626 Started application with bundle ID: com.apple.WebKit.WebContent
2023/11/17 10:15:30:874 BrowserWindow <SEBBrowserWindow: 0x12badac60>: Title of current Page: Safe Exam Browser 3.3 —
2023/11/17 10:15:30:878 This resource was blocked by the URL filter: https://login.eduid.ch/idp/profile/user/system/shared-local-storage
2023/11/17 10:15:30:878 Navigation action policy for URL https://login.eduid.ch/idp/profile/user/system/shared-local-storage was 'cancel'
Ok : Adding solved the issue :
<dict>
<key>action</key>
<integer>1</integer>
<key>active</key>
<true/>
<key>expression</key>
<string>https://login.eduid.ch/idp/profile/user/system/shared-local-storage</string>
<key>regex</key>
<false/>
</dict>
Tested ok on both Win and Macos
Thanks a lot @danschlet for the leads !
https://login.eduid.ch/idp/profile/user/system/shared-local-storage is definitely not allowed with the URL filters you listed above. I assume that this URL is not called when SEB for Windows accessed the edu id login, maybe because of web browser compatibiltity.
Probably it's safe if you define a less strict URL filter like
https://login.eduid.ch/idp/profile/*
(or even just https://login.eduid.ch/*
, but then you would need to test if you can navigate to unwanted pages on the login.eduid.ch subdomain).
Welcome. This just confirms what we mentioned before (but we should probably add it to the manuals): Creating correctly working URL filter rules is complicated and cumbersome. You may think some rules work, but if some little detail changes on a website or in a web application, URL filter rules might stop working. Also as we saw here, web browser engine compatibility might create issues. So the tip with checking log files is important to follow, before reporting an SEB issue 😉.
Welcome. This just confirms what we mentioned before (but we should probably add it to the manuals): Creating correctly working URL filter rules is complicated and cumbersome. You may think some rules work, but if some little detail changes on a website or in a web application, URL filter rules might stop working. Also as we saw here, web browser engine compatibility might create issues. So the tip with checking log files is important to follow, before reporting an SEB issue 😉.
Yes, the manual is comprehensive and detailed. With the rush factor, when such problems arise during operations, we read too diagonally perhaps ... Nevertheless, your suggestions and the verboses logs were a lifesaver. Sorry for the distraction.
SEB 3.3 (1487D) on macOS 14.1.1 (M1) cannot redirect or connect to auth. Moodle instance (Bern University of Applied Sciences). We are using a template
config.seb
file for this...expected: continue to the Moodle instance and/or exam page.
observed: on macOS, the SWITCH edu-ID auth. screen is displayed: entering valid credentials then tries to redirect to the Moodle instance, but a blank (white) screen appears.
solutions/workaround: on Windows, the same
config.seb
works.