ferdium-app icon indicating copy to clipboard operation
ferdium-app copied to clipboard
verified publisher icon ferdium

Latest update breaks Okta auth for managed devices

Open OldhamMade opened this issue 1 year ago • 1 comments

Avoid duplicates

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issues tracker for a bug report similar to mine, in vain

Ferdium Version

6.7.5

What Operating System are you using?

macOS

Operating System Version

14.5 (23F79)

What arch are you using?

x64

Last Known Working Ferdium version

6.7.4

Expected Behavior

Authenticating via Okta with a managed device is successful, and the app (for example, Gmail) opens successfully.

Actual Behavior

Authenticating via Okta with a managed device is unsuccessful, and Okta reports a DENY response for the managed device.

Steps to reproduce

Not sure whether this is something that could be reproduced by developers without working for a company with managed devices and Okta. I'll be happy to test new versions though.

Debug link

No response

Screenshots

No response

Additional information

From what we can tell from the logs, version 6.7.5 of Ferdium isn't providing device information to Okta, and any authentication steps that check managed device status therefore fail. Rolling back to 6.7.4, the process works as expected and Okta shows the device details in the logs. This is the first time I've experienced this issue in the last 12 months using Ferdium on a managed device.

Checking the diff, nothing is particularly standing out as a cause, though I'm not too familiar with the project or nodejs development in general. Still, I can't see any auth libs that have changed versions which could lead to a cause.

OldhamMade avatar Jul 09 '24 12:07 OldhamMade

+1 also hitting this issue on 6.7.5, and can confirm reverting back to 6.7.4 fixes the issue

BrentLayne avatar Jul 15 '24 13:07 BrentLayne

+1 having this issue with any version after 6.7.5 Reverting to 6.7.4 fixes the issue.

Happy to help with testing if needed

gylas avatar Oct 17 '24 08:10 gylas

FYI, I'm now having issues on 6.7.4 in that Google services that require Okta authentication are failing to load.

OldhamMade avatar Dec 04 '24 06:12 OldhamMade

I am having issues with Gmail/Calendar + Okta with both 6.7.4 and 7

julienchamp avatar Dec 04 '24 13:12 julienchamp

This looks more like a duplicate of #1973, than an issue with Okta-integrated products in general. I have a Slack service, for example, that is Okta-integrated and still works fine; only my Google services are affected.

bear454 avatar Dec 04 '24 16:12 bear454

My experience is the same as @bear454: Okta-slack is fine, Okta-google-{thing} fails.

I'm seeing this error in the console, in case it helps identify the issue (trimmed for privacy):

node:electron/js2c/renderer_init:2 Uncaught (in promise) Error: Error invoking remote method 'GUEST_VIEW_MANAGER_CALL': Error: ERR_ABORTED (-3) loading 'https://myorg.okta.com/app/google/{somekey}/sso/saml?SAMLRequest={long-payload}&RelayState=https%3A%2F%2Faccounts.google.com%2FCheckCookie%3Fcontinue%3Dhttps%253A%252F%252Fcalendar.google.com%252Fcalendar%252Fu%252F0%252Fr%26service%3Dcl%26osid%3D1%26ifkv%3D{long-id}'
    at IpcRendererInternal.invoke (node:electron/js2c/renderer_init:2:11342)

OldhamMade avatar Dec 05 '24 08:12 OldhamMade

In my case it breaks it for Okta + Slack.

smvicente avatar Feb 14 '25 10:02 smvicente