search

ferdium / ferdium-app

All your services in one place, built by the community
https://ferdium.org
Apache License 2.0
2.85k stars 170 forks source link

Login into Google Account using Microsoft SSO #1128

Open andreduartesp opened 1 year ago

andreduartesp commented 1 year ago

Avoid duplicates

Ferdium Version

6.2.7-nightly.4

What Operating System are you using?

macOS

Operating System Version

Ventura 13.3.1 (22E261)

What arch are you using?

x64

Last Known Working Ferdium version

6.2.7-nightly.4

Expected Behavior

Add any service with Google Login (including Gmail, Google Calendar, Google Drive) and be able to log in using Microsoft SSO

Actual Behavior

When I try to log in into Google Account using Microsoft SSO, I get error 405 after I came back from Microsoft login.

Steps to reproduce

  1. Click in add service
  2. Search for any Google service (or service using Google SSO)
  3. Try to log in using an account with Microsoft SSO
  4. Get error 405 from Google

Debug link

https://debug.ferdium.org/33ffee9b-cfb2-4036-b225-c0ad66c42a5c

Screenshots

image

Additional information

No response

vraravam commented 1 year ago

What's the behavior when using the same procedure but in a regular browser? IF this behavior is consistent in the regular browser, then we can't really do much in Ferdium.

andreduartesp commented 1 year ago

What's the behavior when using the same procedure but in a regular browser? IF this behavior is consistent in the regular browser, then we can't really do much in Ferdium.

Sorry about the delay, in any browser I've tried (Chrome, Safari, Firefox, Konqueror and Opera) the login was completed with success. I tried the same process with Franz, and worked too.

andree392 commented 1 year ago

I think I'm experiencing the same issue but im using Google Chat with jumpcloud.com login.

I've tried adding/removing Google Chat, clearing the cache etc. still only gives me the same error as @andreduartesp got, 405 malformed request.

I can confirm that it works as expected in a normal browser window but unable to get it working in ferdium.

debug link

Let me know if i can do anything to help troubleshoot.

ftenaglia commented 1 year ago

I have the same issue with Google login (gmail, calendar and so on) via Okta SSO. It works fine on Chrome/Firefox

afvieira commented 1 year ago

I have the same problem.

Info about Ferdium version:

Version: 6.4.1 Server: Ferdium Server Electron: 25.5.0 Chrome: 114.0.5735.289 Node.js: 18.15.0 Platform: macOS Monterey Arch: x64 Build date: Tue Aug 15 2023 14:45:59 GMT+0100 (Western European Summer Time) Git SHA: 09ee519f Git branch: release

andree392 commented 1 year ago

So i was looking into this a bit more, for me the 405 link is

https://accounts.google.com/samlrp/acs?rpid=ID

found some info here Google Cloud Single Sign on

not really sure what needs to change guessing that url needs to be added to webview.js ill see if i can play around with it later.

SpecialAro commented 1 year ago

Hey! This issue is possibly fixed in the latest stable (if you have an arm64 computer don't update, we are having issues with that build). Or use the latest nightly (again, not for arm64)

trackd commented 1 year ago

It's still broken on version 6.5.1, so not fixed yet unfortunately.

i think atleast for my problem there needs to some handling of these values

The external IdP returns a specially crafted HTML page that causes your browser to immediately send an HTTP POST request to the ACS URL. This request contains two parameters:

  • RelayState, which contains the value originally passed to the IdP in the SAML authentication request.
  • SAMLResponse, which contains the base64-encoded SAML assertion. The SAML assertion is an XML document that states that the IdP has successfully authenticated the user. In decoded form, the SAML assertion looks similar to the following: 

<samlp:Response ...>
  ...
  <Assertion x...>
    <Issuer>https://idp.example.org/</Issuer>
    <Signature ...>
      ...
    </Signature>
    <Subject>
      <NameID Format="...:nameid-format:emailAddress">bob@example.org</NameID>
      ...
    </Subject>
    <Conditions NotBefore="..." NotOnOrAfter="...">
      <AudienceRestriction>
        <Audience>google.com</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      ...
    </AttributeStatement>
    <AuthnStatement AuthnInstant="..." ...>
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>

from google docs

it is a bit strange because this works fine in a browser..

sjoubert commented 4 months ago

Hi, I'm hitting this issue also (same behavior and 405 error), using version 6.7.3

waldman commented 2 months ago

Hi guys, hitting the same bug with version 6.7.4 on Okta SSO.