Shibboleth login on client

Hi,

Starting from 6.2 pro and on 6.2.4 also, the shibboleth login on the client is not fluent
YOu have to log twice to browse the server

  1. Select the IDP from the WAYF and authenticate

  1. You’re not connected : the WAYF is displayed and you have to select the IDP and click on the button

Then you’re connected.

Is the problem related to the server or to the client (6.1.3) ?

Regards

Gautier

Hi @daniel.pan,
I still have this problem on 6.1.6 windows client.
The login interface is also difficult to use, all the fields have very few height (< 5px)

Regards

Do you have the same problem in the web login? The client just display the web page using embeded chrome web view. The process should be the same as users login via web interface.

This looks like a CSS related problem with the web page.

No, i do not have this problem on web UI (Chrome browser).

This problem occurs on two different WAYF services
How can I diagnose this problem in order to report it to the WAYF provider ?

Regards

Can you send me a test account? I will try the login process in the client.

After testing on both a Mac and a Windows machine, I find that the twice login problems only occurs in the Windows machine. I will look at the problem later.

The small input line problem does not occur in neither of the Mac and the Windows machine.

It’s weird, because it occurs on any of our windows machines…

Regards

To let you know, the issue occurs also on seadrive 0.91 client
And seadrive 0.91 also ask for login at first startup…

It’s quite annoying for all of our users…
Regards,

We will look into the problem again in this week.

Hi Daniel,

Can you give any feedback about this problem ?

Regards,

Gautier

Earlier today we debugged the shibboleth login problem on windows, using the account you sent us. The windows client behaves exactly the same as the mac client: go to the IDP service to authenticate, and then redirects back to seafile server. The difference appears here: with the mac client, the seafile server would take the user as authenticated, but with the windows client it thinks the user is not authenticated yet, so it redirects to the IDP service again.

So far we don’t have a clear conclusion about this, but it’s very likely a problem on your IDP service.

For some tech background, seafile client uses an embedded browser to do the shibboleth-based single sign on. The windows version of seafile client is built with an webkit-based browser, while the mac version is built with the latest chromium-based browser.

So it’s possible that the login-process of your IDP doesn’t work smoothly with the webkit-based browser. Actually I think that’s also the reason of “login-fields has few < 5px hight” problem.