Microsoft Edge and forgotten password failure #1065
Comments
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/167668383 The labels on this github issue will be updated when the story is started. |
LeePorte
changed the title
|
We have had a further report from a user trying to log in |
|
Hi,
can you check in the console? Usually this is related to expired session cookie. Do you see anything in the console?
Regards,
Martijn
…________________________________
From: Lee Porte <notifications@github.com>
Sent: Friday, September 20, 2019 09:13
To: cloudfoundry/uaa <uaa@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: Re: [cloudfoundry/uaa] Microsoft Edge and forgotten password failure (#1065)
We have had a further report from a user trying to log in
When trying to login using corporate device from Edge I'm getting the message below. I'm unable to login to the PaaS.
There is a problem
Invalid login attempt, the request does not meet our security standards and may indicate that the action was not originated by you. Please try again.
OS - Windows 10 Enterprise 1809
Browser - Edge 44.17763.1.0
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#1065?email_source=notifications&email_token=ABVZVKUS2BYWMT5EV2UTAWLQKRZZPA5CNFSM4II4ZJ32YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7FZ5MY#issuecomment-533438131>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABVZVKR6NA63F55PAAOJCSTQKRZZPANCNFSM4II4ZJ3Q>.
|
|
Hi Martijn, I assume you mean the browser console, is this correct? Thanks Lee |
|
Hi Martijn, There is nothing related to a session cookie in the console, only a minor CSS error. Thanks Lee |
|
o/ We did some investigation to establish what the problem is and how can we fix that for our valued users and I'd like to give a bit of an update on that issue. The actual issue here is, that UAA is always returning It was a little bit of red herring, as in our case it is only visible on Microsoft Edge and Internet Explorer. Here's what's happening:
More details: alphagov/paas-uaa-customized-boshrelease#14 |
|
@paroxp can you please provide a PR to this repo |
What version of UAA are you running?
4.35
How are you deploying the UAA?
I am deploying the UAA
What did you do?
Triggered the forgotten password flow by using the link on UAA. This was then opened by Microsoft Edge (system default browser). This loads the password reset page as expected.
What did you expect to see? What goal are you trying to achieve with the UAA?
I expected to see that the password which met the complexity requirements was accepted.
What did you see instead?
The following error message
Additional info
We have no issues with Chrome, Firefox, Safari. Just with Edge. Unfortunately some of our users are on Enterprise managed Windows estates and are unable to change browsers. Once the password has been reset normal functionality continues with Edge.
The text was updated successfully, but these errors were encountered: