ferdium-app icon indicating copy to clipboard operation
ferdium-app copied to clipboard
verified publisher icon ferdium

Login into Google Account using Microsoft SSO

Open andreduartesp opened this issue 2 years ago • 13 comments

Avoid duplicates

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issues tracker for a bug report similar to mine, in vain

Ferdium Version

6.2.7-nightly.4

What Operating System are you using?

macOS

Operating System Version

Ventura 13.3.1 (22E261)

What arch are you using?

x64

Last Known Working Ferdium version

6.2.7-nightly.4

Expected Behavior

Add any service with Google Login (including Gmail, Google Calendar, Google Drive) and be able to log in using Microsoft SSO

Actual Behavior

When I try to log in into Google Account using Microsoft SSO, I get error 405 after I came back from Microsoft login.

Steps to reproduce

  1. Click in add service
  2. Search for any Google service (or service using Google SSO)
  3. Try to log in using an account with Microsoft SSO
  4. Get error 405 from Google

Debug link

https://debug.ferdium.org/33ffee9b-cfb2-4036-b225-c0ad66c42a5c

Screenshots

image

Additional information

No response

andreduartesp avatar Apr 25 '23 05:04 andreduartesp

What's the behavior when using the same procedure but in a regular browser? IF this behavior is consistent in the regular browser, then we can't really do much in Ferdium.

vraravam avatar May 28 '23 00:05 vraravam

What's the behavior when using the same procedure but in a regular browser? IF this behavior is consistent in the regular browser, then we can't really do much in Ferdium.

Sorry about the delay, in any browser I've tried (Chrome, Safari, Firefox, Konqueror and Opera) the login was completed with success. I tried the same process with Franz, and worked too.

andreduartesp avatar Jun 10 '23 17:06 andreduartesp

I think I'm experiencing the same issue but im using Google Chat with jumpcloud.com login.

I've tried adding/removing Google Chat, clearing the cache etc. still only gives me the same error as @andreduartesp got, 405 malformed request.

I can confirm that it works as expected in a normal browser window but unable to get it working in ferdium.

debug link

Let me know if i can do anything to help troubleshoot.

andree392 avatar Jun 30 '23 15:06 andree392

I have the same issue with Google login (gmail, calendar and so on) via Okta SSO. It works fine on Chrome/Firefox

ftenaglia avatar Jul 13 '23 13:07 ftenaglia

I have the same problem.

Info about Ferdium version:

Version: 6.4.1 Server: Ferdium Server Electron: 25.5.0 Chrome: 114.0.5735.289 Node.js: 18.15.0 Platform: macOS Monterey Arch: x64 Build date: Tue Aug 15 2023 14:45:59 GMT+0100 (Western European Summer Time) Git SHA: 09ee519f Git branch: release

afvieira avatar Sep 19 '23 08:09 afvieira

So i was looking into this a bit more, for me the 405 link is

https://accounts.google.com/samlrp/acs?rpid=ID

found some info here Google Cloud Single Sign on

not really sure what needs to change guessing that url needs to be added to webview.js ill see if i can play around with it later.

andree392 avatar Oct 03 '23 09:10 andree392

Hey! This issue is possibly fixed in the latest stable (if you have an arm64 computer don't update, we are having issues with that build). Or use the latest nightly (again, not for arm64)

SpecialAro avatar Oct 04 '23 22:10 SpecialAro

It's still broken on version 6.5.1, so not fixed yet unfortunately.

i think atleast for my problem there needs to some handling of these values

The external IdP returns a specially crafted HTML page that causes your browser to immediately send an HTTP POST request to the ACS URL. This request contains two parameters:

  • RelayState, which contains the value originally passed to the IdP in the SAML authentication request.
  • SAMLResponse, which contains the base64-encoded SAML assertion. The SAML assertion is an XML document that states that the IdP has successfully authenticated the user. In decoded form, the SAML assertion looks similar to the following:

<samlp:Response ...>
  ...
  <Assertion x...>
    <Issuer>https://idp.example.org/</Issuer>
    <Signature ...>
      ...
    </Signature>
    <Subject>
      <NameID Format="...:nameid-format:emailAddress">[email protected]</NameID>
      ...
    </Subject>
    <Conditions NotBefore="..." NotOnOrAfter="...">
      <AudienceRestriction>
        <Audience>google.com</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      ...
    </AttributeStatement>
    <AuthnStatement AuthnInstant="..." ...>
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>

from google docs

it is a bit strange because this works fine in a browser..

trackd avatar Oct 04 '23 22:10 trackd

Hi, I'm hitting this issue also (same behavior and 405 error), using version 6.7.3

sjoubert avatar May 13 '24 10:05 sjoubert

Hi guys, hitting the same bug with version 6.7.4 on Okta SSO.

waldman avatar Jul 29 '24 14:07 waldman

I guess Ferdium doesn't behave well with Google Login + SSO in general. Can't use Calendar or Gmail with Jumpcloud SSO on v7.0.0

vitorhugods avatar Mar 12 '25 10:03 vitorhugods