发表新帖
发表新帖

Azure Active Directory Safari Redirection Issue

前端 未结
关注
2 1228
清酒与你
清酒与你 2021-01-31 11:23

There seems to be a current issue with logging into Microsoft Online with Mac OS and iOS devices utilizing the newest version of Safari (12).

The updates on Safari 12 a

相关标签:
2条回答
  • 你的背包
    2021-01-31 11:38

    There is a solution documented by the aspnet/security team on GitHub.

    https://github.com/aspnet/Security/issues/1864

    If you are using ASP.NET Core Identity you disable the protection by configuring cookies with the following code

    services.ConfigureExternalCookie(options => {
    // Other options
    options.Cookie.SameSite = SameSiteMode.None; }); services.ConfigureApplicationCookie(options => {
    // Other options
    options.Cookie.SameSite = SameSiteMode.None; });

    If you are using cookie authentication without ASP.NET Core identity you can turn off the protection with the following code

    services.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => {
    // Other options
    options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None; })

    If you are using external OIDC providers you may be able to avoid the issue by changing the response mode your provider uses from a POST to a GET request, using the following code. Not all providers may support this.

    .AddOpenIdConnect("myOIDProvider", options => {
    // Other options
    options.ResponseType = "code";
    options.ResponseMode = "query";
};
    0 讨论(0)
  • 悲哀的现实
    2021-01-31 11:50

    You are correct. There are some known issues with AAD's Safari compatibility. You can make a new feature request in User Voice or upvote and subscribe to some of the existing ones.

    https://support.microsoft.com/en-us/help/2535227/a-federated-user-is-prompted-unexp https://feedback.azure.com/forums/223579-azure-portal/suggestions/34373635-fix-signing-in-in-safari https://feedback.azure.com/forums/223579-azure-portal/suggestions/7513912-does-not-work-well-on-safari-but-works-fine-on-chr

    UPDATE: the product team has gotten back and replied that this is an issue on Apple's end. The current status is that the Apple team and Microsoft's PG team are working on it but there is nothing that the Microsoft development team can do because there is nothing wrong on Microsoft's side. The issue is that Apple is not properly sending cookies to login.microsoftonline server because of the new privacy and security updates. https://developer.apple.com/safari/whats-new/

    0 讨论(0)
 看不清?
提交回复
热议问题