IDP Login request failed randomely from IE 11 browser

[P1Test1]

most of the login request failed from IE 11 browser. But it's worked with other browers(firefox/chrome/Edge) . Once I entered the login details, it will redirect to authenticationendpoint/retry.do or authenticationendpoint/claim.do

installed wso2 version is wso2is-5.5.0-rc2

[ruwanta]

Hi @P1Test1 , Is this observation same for WSO2 IS 5.9.0 ?

If yes, will you able to analyze the HTTP trace captured from your browser and see what would have gone wrong, comparing the working trace from firefox, etc.

[P1Test1]

Thanks. Could you please confirm whether wso2is-5.5.0-rc2 version support IE 11??

[ruwanta]

According to mail "[VOTE] Release WSO2 Identity Server 5.5.0 RC2" in WSO2 Developers' List, there has no blocker being reported against IE 11. Hence it should have been working at the time of release.

There are multiple reasons if it does not work on your setup, including recent update, some plugin installed, security policy, etc. You would need to compare the failing and passing HTTP trace to narrow down the possibilities.

[P1Test1]

Hi ,

I have analyzed the HTTP request, but there was no difference between success or failure codes. below i have attached the IE browser HHTP trace and wso2 audit logs

audit log Initiator : admin | Action : LoginStepSuccess | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "34a40147-52df-4b79-a849-517d6ca8606c","AuthenticatedUser" : "admin","AuthenticatedUserTenantDomain" : "xxxxxxx.com","ServiceProviderName" : "sg","RequestType" : "samlsso","RelyingParty" : "sg","AuthenticatedIdP" : "LOCAL" } | Result : Success

INFO {AUDIT_LOG}- Initiator : null | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "34a40147-52df-4b79-a849-517d6ca8606c","ServiceProviderName" : "sg","RequestType" : "samlsso","RelyingParty" : "sg","StepNo" : "0" } | Result : Failed

Could you please help on this

[madurangasiriwardena]

This should be because of the double submit issue in IE browser we have identified some time back and fixed with https://github.com/wso2/carbon-identity-framework/pull/1595.

To check if it is the actual cause, can you add the change in the PR to your basicauth.jsp page in the authenticationendpoint web app in your setup and see if it resolves the issue?

[P1Test1]

Yes.double submit is the root cause for this.I have fixed this on my setup.Thnaks for this.

[madurangasiriwardena]

Closing the issue since the said issue is fixed in the latest releases.