Also just slightly more context, I did try other browsers (IE11, Chrome) and it did manage to get past 2 factor authentication on RDP on a VPN.
From: Enterprise <[email protected]> On Behalf Of Hoang (US), Victor T Sent: Thursday, August 20, 2020 9:15 AM To: Mike Kaply <[email protected]>; Dylan Romero <[email protected]> Cc: Mozilla.org <[email protected]> Subject: Re: [Mozilla Enterprise] [EXTERNAL] Re: 2 factor authentication errors with charismathics via Remote desktop. 78 ESR Hey Mike, Just for reference, I did unit testing by installing/uninstalling firefox 68.11 and firefox 78.1 multiple times to verify that 68 allows for badges to work over RDP and VPN simultaneously, but not 78.1. The issue before was that in 68, remote desktop would be a little slow and charistmathics timed out after 5 seconds. I worked with someone to have the badge never time out, but now even in 78 it just never works. I will see if I can get permissions to install mozregression on the remote device and run it (its in a secure work environment for which I’m not admin). Are there logs or something that mozregression generates that you’d need me to send you? Appreciate your time, Victor From: Mike Kaply <[email protected]<mailto:[email protected]>> Sent: Wednesday, August 19, 2020 5:51 PM To: Dylan Romero <[email protected]<mailto:[email protected]>> Cc: Hoang (US), Victor T <[email protected]<mailto:[email protected]>>; Mozilla.org <[email protected]<mailto:[email protected]>> Subject: [EXTERNAL] Re: [Mozilla Enterprise] 2 factor authentication errors with charismathics via Remote desktop. 78 ESR This message was sent from outside of Boeing. Please do not click links or open attachments unless you recognize the sender and know that the content is safe. Would it be possible to use mozregression to see if you can figure out when it broke? https://mozilla.github.io/mozregression/ I know that might be difficult with your setup. Mike On Wed, Aug 19, 2020 at 7:03 PM Dylan Romero <[email protected]<mailto:[email protected]>> wrote: Victor, I've seen this also while testing 78 but only while using a Remote Desktop Session over VPN. I thought it may have been due to VPN speed and or latency, but what you are describing is very similar to what I have seen. When trying to authenticate with smartcards over RDP and VPN, Firefox seems to freeze for a few seconds and the report that it timed out trying to authenticate. I didn't see this issue with 68. Thanks, Dylan Romero On Wed, Aug 19, 2020, 5:28 PM Hoang (US), Victor T <[email protected]<mailto:[email protected]>> wrote: Just wondering if anyone has observed any issues with Single Sign On or 2 factor authentication going from 68.x to 78.x ESR on remote devices. My organization has a strange issue where remote desktop devices (or VM’s) aren’t able to authenticate with badges, but firefox seems to see the charismathics badge reading application (with the correct policy loaded). The issue is that there is no status changes and it results in a User_not_logged_in error after it times out. From what I can see, the difference from 68 to 78 is that there seems to be no redirect or TLS handshake that pops up in the status bar in the bottom left of 78 ESR (if anyone might know anything). This issue doesn’t persist when using the local device itself, just when using Remote Desktop Connection or a VM on a server. Perhaps this is a security setting in Firefox 78 that I’m just unaware of? Thanks all, Victor Hoang _______________________________________________ Enterprise mailing list [email protected]<mailto:[email protected]> https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected]<mailto:[email protected]> with a subject of "unsubscribe" _______________________________________________ Enterprise mailing list [email protected]<mailto:[email protected]> https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected]<mailto:[email protected]> with a subject of "unsubscribe"
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
