iaik-jheher
commented
5 months ago After we failed to reproduce the issue in any of our test configurations, we finally managed to track it down with the help of reporting users.
In some unspecified configurations, users will land on a "Please open the Digitales Amt app" page (undecided.aspx) instead of the main "Please sign using the Digitales Amt app" page. On this particular page, and this page only, the long-polling URL has an incorrect session ID, which is incorrectly truncated at the . character.
This results in a request to a non-existent session ID's UndecidedPolling.aspx long-poll handler, which immediately returns the string session expired. This is, of course, not conformant JSON (which is what is expected). On the A-Trust web interface, this error is handled by waiting for 10 seconds then reloading the page. PDF-Over does not do this, but instead hangs.
So, in short: the long-polling URL is wrong (also on the web), but the web version just reloads after 10s, which masks the error. PDF-Over doesn't (yet).
We'll contact A-Trust to get them to fix the URL, and also adjust PDF-Over in an upcoming release to adopt A-Trust's error handling (reloading after 10s).
For some users (but not all), the signature process hangs on "please open the app" screen. This behavior appears to have started late on the 27th of March. Investigation started early today.