[Webkit-unassigned] [Bug 236834] New: [GTK] Azure portal login with Kerberos requires page reload

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 18 04:50:05 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=236834

            Bug ID: 236834
           Summary: [GTK] Azure portal login with Kerberos requires page
                    reload
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Keywords: Gtk
          Severity: Major
          Priority: P3
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: brian at interlinx.bc.ca
                CC: bugs-noreply at webkitgtk.org

I am experiencing a weird issue with WebKitGTK (2.34.5) and the Microsoft/Azure AD/SSO OAuth2 login service.  Specifically in the case of trying to authenticate for EWS/O365 e-mail with an AD/Kerberos ticket.

What happens is that Evolution tries to authenticate to the O365 mail account, which is configured for OAuth2 and in doing so an Azure OAuth2 authentication dialog is opened in a WebKitGTK widget.  The URL that is opened in that web view is supposed to use the Kerberos ticket to perform the authentication and then the web view widget is supposed to close (without any input required from the user).  During this time, a service ticket for HTTP/autologon.microsoftazuread-sso.com at CORP.EXAMPLE.COM is used to perform the authentication.

What is happening however is that the Azure authentication page loads but rather than completing the authentication with the Kerberos ticket, it asks me for my password.  If I enter my password, the authentication in Evolution will continue and Evolution will display my e-mail.  However(!), and this part is important, if rather than entering my password into that web view of the Azure authentication page, I simply Reload the web view, the Kerberos authentication will work and I won't have to enter my password.

I see this same behaviour in Epiphany when trying to use the same URL as the web view in Evolution.  I have to load the URL twice before the authentication succeeds.

If I do the same thing, load the URL in Chrome, it works on the first try and no Reload is necessary.

Unfortunately, I cannot supply the URL in question as it's related to my work-place's use of MS services and has work-place specific components to the URL.  You would not be able to use the URL anyway, as you won't have the AD/Kerberos ticket required to be able to reproduce.  I am more than happy to provide the results of any debugging steps you might want me to do however.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220218/318b2c4e/attachment-0001.htm>

More information about the webkit-unassigned mailing list