Custom protocol siths:// not working for loading the SITHS eID-app in Microsoft Teams anymore #11957

Open
chribster opened this issue Dec 19, 2024 · 2 comments

@chribster

Steps to reproduce

Hello,

I work for Inera, a company that delivers IT solutions to the Swedish public sector. We provide an e-identification service called SITHS.

Through our Identity Provider, which is usually used through a web browser, one of our authentication methods calls upon an application installed on the same computer that then challenges the user for private keys located on a smart card and a PIN.

However, Teams no longer supports our custom protocol siths:// for loading the SITHS eID-app that our customers installed on Windows.

Expected behavior

This used to work in Teams apps in earlier versions of Microsoft Teams, but somewhere along the line it stopped working:

  1. A user starts a login attempt in an app inside Microsoft Teams
  2. Teams loads the app's web-backend service
  3. The user is redirected to Inera's IdP-solution within the Teams window
  4. The user chooses the authentication method "SITHS eID-app på denna enhet"
  5. Through the custom protocol siths://, Windows starts the SITHS eID-app on the same Windows computer; the user inserts a smartcard (if not already inserted) and enters their PIN code
  6. If successful, our IdP issues a SAMLv2 ticket or OIDC JWT to the backend service of the Teams app
  7. The user is logged in if they meet the authorization criteria within the app.

Example of how it works in a browser

  1. The user navigates in the system browser to a webpage that supports SITHS login, for example https://test.idp.ineratest.org
  2. The user is redirected to Inera's IdP-solution within the browser
  3. The user chooses the authentication method "SITHS eID-app på denna enhet"
  4. Through the custom protocol siths://, Windows starts the SITHS eID-app on the same Windows computer; the user inserts a smartcard (if not already inserted) and enters their PIN code
  5. If successful, our IdP issues a SAMLv2 ticket or OIDC JWT to the initial webpage
  6. The user is logged in if they meet the authorization criteria within the app.

Actual behavior

At step 5 nothing happens when the user clicks the button/hyperlink "SITHS eID på denna enhet" if the app/IdP is loaded within Microsoft Teams as the custom protocol siths:// isn't allowed to open an app within the Microsoft Teams context.

Error details

Instead of opening the SITHS eID-app on the computer when the custom protocol siths:// is called, nothing happens

Contributor

Hi chribster! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.

Best regards, Teams Platform

@Prasad-MSFT
Collaborator

Hi @chribster, Microsoft Teams has certain restrictions on custom protocols for security reasons. The content-security-policy does limit which protocols are allowed within the Teams client and we are currently not supporting adding new protocols. In fact, over time we'd much rather shrink it and get to a point where we only render https: content within the Teams client.
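
The reply above attributes the blocked siths:// launch to a Content-Security-Policy that limits protocols. The following is an added example, not code from this thread or from Teams, showing how CSP Level 3 source lists treat a custom scheme: a `*` wildcard covers only network schemes, so a scheme such as `siths:` must be listed explicitly. The policy strings are constructed, and the choice of `frame-src` as the governing directive and the names `parsePolicy` and `schemePermitted` are assumptions, since the thread does not say which directive Teams applies.

```javascript
// Added example; policy strings below are constructed, not the real Teams policy.
const NETWORK = new Set(["http", "https", "ws", "wss", "ftp"]);
const UPGRADES = { http: ["https"], ws: ["wss", "http", "https"], wss: ["https"] };
const FALLBACK = { "frame-src": ["child-src", "default-src"], "child-src": ["default-src"] };
const schemeMatch = (a, b) => a === b || (UPGRADES[a] || []).includes(b);

// Parse "name src src; name src" into Map(name -> sources). First duplicate wins.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

// Reports whether any source expression admits the URL's scheme. Host and path
// matching are not evaluated, so "true" is a necessary condition, not a verdict.
function schemePermitted(header, directive, url, selfScheme = "https") {
  const policy = parsePolicy(header);
  const governing = [directive, ...(FALLBACK[directive] || [])].find((d) => policy.has(d));
  if (!governing) return { permitted: true, by: null };
  const scheme = new URL(url).protocol.slice(0, -1);
  for (const src of policy.get(governing)) {
    let admits;
    if (src === "*") admits = NETWORK.has(scheme) || scheme === selfScheme;
    else if (src === "'self'") admits = schemeMatch(selfScheme, scheme);
    else if (src.startsWith("'")) admits = false; // 'none', nonces, other keywords
    else {
      // Either a scheme-source ("siths:") or scheme://host; a bare host uses the page scheme.
      const m = /^([a-z][a-z0-9+.-]*):(\/\/.*)?$/.exec(src);
      admits = schemeMatch(m ? m[1] : selfScheme, scheme);
    }
    if (admits) return { permitted: true, by: `${governing} ${src}` };
  }
  return { permitted: false, by: governing };
}

const SAMPLE = "default-src 'self'; frame-src https: *"; // constructed sample policy
console.log(schemePermitted(SAMPLE, "frame-src", "siths://start"));
console.log(schemePermitted(SAMPLE + " siths:", "frame-src", "siths://start"));
```
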
