Welcome Guest Search | Active Topics | Sign In | Register

Essential Objects Product Support Forum » All Products » Support » Multi Factory Authentication appears despite exceptions

Multi Factory Authentication appears despite exceptions Options
Previous Topic · Next Topic
Riephi
Posted: Wednesday, January 8, 2025 8:09:27 AM
Rank: Advanced Member
Groups: Member

Joined: 7/17/2015
Posts: 54
Dear Support Team,

one of our customers recognized an issue with Multi Factor Authentication. MFA should be suppressed on some devices.
When they launch their application in Chrome or Edge everything works fine. The exceptions pull and MFA remains suppressed. But if they load their application in our client using your browser in version 24.2.81, the MFA popup occurs even though they have set up exceptions on the server side.

In Azure the following exceptions are set:
- Require device to be marked as compliant (Windows 11 devices)
- Require Microsoft Entra hybrid joined device (Windows 10 devices)
- the device accesses from one of the defined IP address ranges

Are there some settings we could set for the WebBrowser, so that the MFA does not occour?
Or does your browser has a different marking so it is not recognized as a Chromium browser?

Best regards!
Back to top
 
eo_support
Posted: Wednesday, January 8, 2025 4:35:30 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,245
Hi,

Please try the latest build and see if it works for you. The current version (v25) switched to a more integrated mode with the Chromium browser engine thus inherited many more default Chromium behaviors, some of them might affect whether it is being recongized as a Chromium browser.

Thanks!
Back to top
 
Riephi
Posted: Tuesday, January 14, 2025 10:27:34 AM
Rank: Advanced Member
Groups: Member

Joined: 7/17/2015
Posts: 54
Hi,

thanks for your reply! Unfortunately the actual build doesn't work either.

But we have some more information: We compared the SAML2 requests of the different browser in the customers trace, and in the requests of your WebBrowser the device id is missing (like in Incognito mode), which they use for their MFA exceptions.

We found out that your browser seems to behave like Chrome or Edge in Incognito mode. In Incognito mode the SAML2 Authentication is not working.

Is there a way to configure the browser so that it doesn't behave like it does in incognito mode? Is it possible to configure session or token expiration?

Best regards!
Back to top
 
eo_support
Posted: Tuesday, January 14, 2025 3:24:20 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,245
Hi,

EO.WebBrowser does not use incognito mode. However it does NOT share any cookies your system browser generates. So for example, if you login through Google Chrome on the computer, whatever authentication credentials saved by Google Chrome will not be shared with EO.WebBrowser. So when you visit the site with EO.WebBrowser, it will be as if you have never logged in with Google Chrome. Could this be the problem?

Thanks!
Back to top
 


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.