Has anyone seen a problem with firefox 92 stripping out headers? My scenario is I have an AD FS server that I use for single sign on with a domain name that is different… (funda kabanzi)
Has anyone seen a problem with firefox 92 stripping out headers? My scenario is I have an AD FS server that I use for single sign on with a domain name that is different from the application that it federated with. When I attempt to login using Firefox, the traffic flows as:
1. Hit the app url and get 302 redirected to the IDP
2. enter credentials at the IDP and get redirected to the app url
3. the app has an internal and external claims URL, so the internal claims url 302 redirects me to the external url
4. FF brings up the external url, but does NOT pass the MSISAuth and MSISAuth1 cookies from the IDP
5. The app thinks I've not authenticated, so it 302 redirects me back to the IDP
6. The IDP sees the MSISAuth and MSISAuth1 cookies, so it knows it authenticated me and it 302 redirects me back to the app
wash, rinse, repeat for 5 times until AD FS realizes that I've done this 5 times, then it throws an error at me to stop the loop.
This was working fine in FF 91 and it currently works in Chrome and Edge. The expected flow is almost the same, except that the app get's the cookies presented to it from AD FS.
I was thinking this was something to do with Enhanced Tracking Protection. When I selected Custom and unchecked all the options (I think this disables ETP) I still get the cookies stripped from the header. I re-enabled ETP with standard protections and manually added the URLs using the steps outlined at https://bugzilla.mozilla.org/show_bug.cgi?id=1432644#c27. Is this a bug where FF doesn't honor the settings to disable ETP in V92? The reason I was thinking that ETP was to blame is the IDP has a domain of IDP.example and the app has the URL's of internalclaim.app and externalclaim.app.