-
|
From testing SEB with web based applications using Azure Active Directory for SSO we are finding that SEB is passing through the domain account logged in to Windows to sign in to the application. For the use case we have, we want the participants to login to the web applications with a different account than is logged in to the PC. (All the session reset/clear cache options are enabled in SEB so we don't believe this is a browser session carrying over.) This issue also seems to be happening on some PCs and not others, even when using the same config. What we would expect to happen is that SEB is unaware of the domain user and that there should be no pass through of credentials so the user can login to SSO with whatever account we wish. Is this expected behaviour, and if so are there settings we are missing that would disable this behaviour in the config file? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
No, that is definitely not by design and is furthermore hardly related to SEB (unless that is a feature of Chromium we're not aware of). Are you sure that your web application / Azure AD configuration does not have some form of automatic login active, e.g. based on the host name, IP or some other (operating system resp. user) information? For a list of all configuration options, please refer to our documentation: https://safeexambrowser.org/windows/win_usermanual_en.html#configuration. |
Beta Was this translation helpful? Give feedback.
-
|
To test whether the issue relates to the browser engine, you could try to open your web application in the CEF sample application: https://cef-builds.spotifycdn.com/index.html. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, this is really helpul :) |
Beta Was this translation helpful? Give feedback.
-
|
Hi, The sample client does have the same issue, looks like if you have AAD Seamless Single Sign-On configured on your domain Chromium can pick up the work account from a domain joined PC in the same way the Microsoft Edge and Google Chrome can and sign you in without prompting for a username and password. As firefox doesn't use the same Chromium engine it is always prompting for username and password for AAD logins whereas the others don't. We are going to try and use "local" accounts rather than domain accounts to login to the PC and see if that solves our problem, but it would be really handy to have an "off" switch for this in the SEB config to stop it working with AAD Seamless Single Sign-On. |
Beta Was this translation helpful? Give feedback.
-
|
Please do feel free to propose a feature request, if it is as simple as passing a configuration flag to the engine, then we'll likely be able to take that into an upcoming version. |
Beta Was this translation helpful? Give feedback.
Hi,
The sample client does have the same issue, looks like if you have AAD Seamless Single Sign-On configured on your domain Chromium can pick up the work account from a domain joined PC in the same way the Microsoft Edge and Google Chrome can and sign you in without prompting for a username and password.
As firefox doesn't use the same Chromium engine it is always prompting for username and password for AAD logins whereas the others don't.
We are going to try and use "local" accounts rather than domain accounts to login to the PC and see if that solves our problem, but it would be really handy to have an "off" switch for this in the SEB config to stop it working with AAD Seamless Single …