SAML login fails in Internet Explorer 11 #13106
Comments
stefanraubal
added
status: waiting-for-triage
|
Hello @stefanraubal, thanks for the report. I agree that it should not fail with IE 11 since it will be supported by Edge compatibility mode until 2029. However, I changed the tests to use Internet Explorer 11 and they still pass, can you check that sample and see if I'm missing something? |
marcusdacoregio
added
in: saml2
jzheaux
added
the
status: waiting-for-feedback
|
Hello Marcus,
Sorry for the late response.
I don’t know what internal JavaScript engine your test environment uses, but if you just try it out on a MS Edge with “Reload in Internet Explorer mode” you will see that the forwarding process fails.
Kind regards, Stefan
From: Marcus Hert Da Coregio ***@***.***>
Sent: Donnerstag, 27. April 2023 15:52
To: spring-projects/spring-security ***@***.***>
Cc: Stefan Raubal ***@***.***>; Mention ***@***.***>
Subject: Re: [spring-projects/spring-security] SAML login fails in Internet Explorer 11 (Issue #13106)
Hello @stefanraubal<https://urldefense.com/v3/__https:/github.com/stefanraubal__;!!NknhfzgzgQ!yGxhpCANY4U_6S6Eflu9KvBy12VHDzKLtYoOCpsDzFZyG21ELwlDlZzAgXYImE2iP_p5YH3GAIrCSIhtlY8VU8fkXht0dQ$>, thanks for the report.
I agree that it should not fail with IE 11 since it will be supported by Edge compatibility mode until 2029. However, I changed the tests<https://urldefense.com/v3/__https:/github.com/marcusdacoregio/spring-security-samples/commit/f27ac24b73adaf24a216e256303a2b2b62f306f0__;!!NknhfzgzgQ!yGxhpCANY4U_6S6Eflu9KvBy12VHDzKLtYoOCpsDzFZyG21ELwlDlZzAgXYImE2iP_p5YH3GAIrCSIhtlY8VU8f7FBrSfA$> to use Internet Explorer 11 and they still pass, can you check that sample and see if I'm missing something?
—
Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/spring-projects/spring-security/issues/13106*issuecomment-1525734706__;Iw!!NknhfzgzgQ!yGxhpCANY4U_6S6Eflu9KvBy12VHDzKLtYoOCpsDzFZyG21ELwlDlZzAgXYImE2iP_p5YH3GAIrCSIhtlY8VU8dpdaS7Sg$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/A7O4HVUV66T3VMYBFRJ3NR3XDJ2ZVANCNFSM6AAAAAAXNZLVQE__;!!NknhfzgzgQ!yGxhpCANY4U_6S6Eflu9KvBy12VHDzKLtYoOCpsDzFZyG21ELwlDlZzAgXYImE2iP_p5YH3GAIrCSIhtlY8VU8cGttbXQw$>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
Confidentiality note: This e-mail may contain confidential information from Clarivate. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this e-mail is strictly prohibited. If you have received this e-mail in error, please delete this e-mail and notify the sender immediately.
|
spring-projects-issues
added
status: feedback-provided
|
Hi @stefanraubal, I was able to reproduce the behavior consistently manually. I've scheduled the fix for 5.8.4 and 6.0.4. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SAML login fails in Internet Explorer 11
As a side effect of 00302c8 not only the way the form is submitted changed (from body onload attribute to a script tag) but also the JavaScript language requirements changed due to the (unnecessary) usage of the array function syntax.
This statement could still be written in a way that all currently used browsers can execute it successfully.
As a mostly backend library, Spring Security imho should not have too high browser requirements (and there are still a lot of Enterprise web apps out there that require IE 11 - that's why Microsoft will support it as a mode in Edge until 2028 or so!).
To Reproduce
Expected behavior
No JavaScript error should occur but the form should be submitted correctly to the
Sample
Setting up a test system with SAML should not be a problem for your team. ;)
Thanks a lot for checking this issue and helping us.
Stefan
The text was updated successfully, but these errors were encountered: