Error wirh MFA
NYU has used gmail combined with shibboleth MFA for over a decade. When there's a password change, TB opens a window using it's own browser (n.b.: this is different than the browser used when clicking on a link) and you go from there. This morning I did my yearly password change and now, after the initial accounts.goole window, when I get redirected to the shibboleth window, I get a 403 error. I also get a warning about invalid certificate. I tried pressing the "Get Certificate" button, but nothing happens.
A few thing to note: - I run TB (128.5.2) on a Mac Sequoia - no issues when logging into NYU using Firefox or Chrome or Safari. - I cleared the TB cache and cookies. - I created a new TB profile and tried starting from scratch. - I restarted TB with add-ons disabled
Nothing seems to solve the problem. Unfortunately NYU's IT can provide only limited help with 3rd party apps like TB.
I really depend on using TB, been using since the first release and have add-ons that I use on a regular basis.
Thanks,
Modified by valerio3
All Replies (8)
Are you using the part of the address before the @ as the User Name or the full email address?
https://support.mozilla.org/en-US/questions/1444845
Certificate type errors are usually caused by antivirus apps that don't exclude the TB profile folder (the recommended setting).
When you try to log in you get a pop-up window from accounts.google and I enter the username there (it's a google window with the domain already filled in), but when I hit "next" I get a 403 from the next window.
This has been working fine for years, I haven't changed anything recently. I don't have antivirus apps running.
Update: I now have an issue sending messages from my personal gmail account using TB. I get a timeout contacting smtp.gmail.com. I can read the messages.
So the problem seems to be with gmail.com ...
Modified by valerio3
OK, so now my personal gmail account works. I guess that was a temporary glitch. My NYU email is still broken.
The User Name is entered in Account Settings/Server Settings and also in Outgoing Server (SMTP). When the OAuth window appears to allow access, the email address should be auto-filled. If it isn't, it's because cookies aren't accepted in TB Settings. Same for the gmail account, although for that the User Name should be the full address.
Thanks for you input, but I'm afraid you're missing the problem. It's not the settings, which are correct, but the authentication, that was forced after this morning's mandatory password change. When you connect to a gmail account, TB opens a window using it's own browser to a page of accounts.google where you can enter your username. Normally you would then proceed to another google page where you would enter password. Enterprise accounts can modify this behavior. In the case of NYU, after you enter your username, you are redirected to NYU's MFA page. It's at this point that I get the 403 code. Since I can reach the MFA from other browsers without a problem, I can only conclude that the certificate issue is what's keeping TB's browser to connect properly and I can't figure out to reset that. Even a different profile and starting from scratch does not seem to work.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.