SAML SSO Module with Microsoft Azure 2fa Error #3825

Closed
SecureCPU opened this issue Feb 26, 2024 · 5 comments

@SecureCPU

When I activate SAML SSO Module for Freescout with Microsoft Azure it works perfectly in the browser, and in the app, unless I have a 2fa method set up with a Security Key, then the app doesn't work.

If I set up 2fa in Microsoft with an Authenticator App it works perfectly. But if a Security Key is set up, even if the Authenticator App is still set up, Microsoft tries the Security Key first.
With other apps that don't work with the security key, there was always an option to switch to the authenticator, but here in the Freescout Android App it just shows a blank page after entering my Microsoft password.

Again this is only on the Android app, not the browser.

@SecureCPU SecureCPU changed the title SAML SSO Module with Microsoft Azure 2fa Error SAML SSO Module with Microsoft Azure 2fa Error in Android App Feb 26, 2024
@freescout-helpdesk
Owner

Apparently Freescout Android App won't work with your configuration.

@SecureCPU
Author

Now I'm getting this error:

Screenshot_20240307_183106_FreeScout.jpg

How do I fix the configuration for Microsoft SAML?

@SecureCPU
Author

According to Microsoft the problem lies within the built-in browser of the Freescout app. Is there any way to configure the Android app to use the phone's browser instead of a built-in one?

@freescout-helpdesk
Owner

Unfortunately not. We'll add a notice to Module's page.

@SecureCPU
Author

Hi, so this isn't just the Android app, but even through the browser.
It's regarding an issue where it's already signed in but needs to reauthenticate.

This was the resolution for the issue:

Root cause:
The application is requesting the user to sign in using a specific method but the user has already authenticated with a different method prior to accessing the application. For example, in the SAML request the application has a RequestedAuthnContext with the specific AuthnContextClassRef value urn:oasis:names:tc:SAML:2.0:ac:classes:Password but the user has used multifactor authentication to sign in.

Resolution:
Request to the developer of the application to remove the RequestedAuthnContext from the SAML request.
Another option is to request the application owner to always prompt the user for a fresh authentication. To accomplish this, the application needs to add the value forceAuthn="true" as a parameter in the request to Microsoft Entra ID.

@SecureCPU SecureCPU changed the title SAML SSO Module with Microsoft Azure 2fa Error in Android App SAML SSO Module with Microsoft Azure 2fa Error Mar 12, 2024
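
To confirm what a service provider actually sends before and after changing its configuration, the SAMLRequest can be decoded and checked for the two settings named in the resolution quoted above. This is an added example, not code from the thread or from FreeScout; it assumes the HTTP-Redirect binding, and `idp.example` and the sample XML are constructed. The SAML schema spells the attribute `ForceAuthn`.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample request (not captured from FreeScout or Entra ID).
SAMPLE_XML = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    b'Version="2.0" IssueInstant="2024-03-12T00:00:00Z">'
    b'<samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>'
    b'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
    b'</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>'
    b'</samlp:AuthnRequest>')


def encode_redirect(xml_bytes, idp="https://idp.example/saml2"):
    """Build an HTTP-Redirect URL: raw DEFLATE, base64, then URL-encode."""
    comp = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(comp.compress(xml_bytes) + comp.flush()).decode()
    return idp + "?" + urllib.parse.urlencode({"SAMLRequest": blob})


def decode_redirect(url):
    """Recover the AuthnRequest element from a redirect URL."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    raw = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD in SAML message, refusing to parse")
    return ET.fromstring(raw)


def audit_authn_request(root):
    """Report the two request settings named in the quoted resolution."""
    rac = root.find("samlp:RequestedAuthnContext", NS)
    refs = [] if rac is None else rac.findall("saml:AuthnContextClassRef", NS)
    return {
        "force_authn": root.get("ForceAuthn") in ("true", "1"),
        "requested_classes": [r.text.strip() for r in refs if r.text],
        # SAML core: Comparison defaults to "exact" when the attribute is omitted.
        "comparison": None if rac is None else rac.get("Comparison", "exact"),
    }


if __name__ == "__main__":
    print(audit_authn_request(decode_redirect(encode_redirect(SAMPLE_XML))))
```

A request that reports a non-empty `requested_classes` with `force_authn` false matches the root cause described in the quoted text; pass `decode_redirect` the redirect URL taken from the browser's network log to check a real login.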