AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Webex teams troubleshooting4/29/2023 ![]() ![]() ![]() Microsoft Teams Live Events are an extension of Teams meetings that enable you to schedule and produce events that stream to large online audiences. Note: This might be somehow counter intuitive as the Authentication site is, not - yet the problem in Teams is that the Chrome Extension is not loaded fast enough by the Browser and therefore injection fails on .īrowser Content Redirection treats websites whitelisted under the Authentication sites policy as child websites that must remain redirected if the parent website was in the ACL whitelist policy. In the Teams case then, is the child website of the parent This URL ( *) should now be whitelisted also in the 'Authentication Sites' policy in Studio. Please also note that Teams will require to add * to the Authentication Sites.Īfter a successful authentication, the overlay browser HdxBrowserCef.exe is pointed back to Important: Please note that any IdP/SSO websites your organization deployed to authenticate users in O365 will also need to be added to the Authentication Sites policy (e.g. The user will end up being redirected to an Office 365 Authentication website that is linked to Teams (see screenshot above), but this time the website will be running locally on the endpoint's overlay browser that is part of Workspace app (HdxBrowserCef.exe). The Chrome Extension will now be able to inject HdxVideo.js, and the first redirection happens. So whitelisting the following URL in the BCR ACL policy in Studio will achieve the objective, thanks to wildcards: Since Admins might not want to redirect the entire domain, better granularity can be achieved by leveraging a common parameter in OAuth 2.0 ( redirect_uri, where the App name is embedded in the URL). In this case, the url * needs to be whitelisted in the ACL policy in Studio. These redirections occured very fast, and the HdxVideo.js javascript that the Browser Content Redirection Chrome Extension needs to inject is not done in time. (Hence it is critical that the right syntax is used when whitelisting a website, like http or https, with or without Once the browser loads this page, it 'rests' and waits for user input. The 'Preserve Log' check-box should be ticked, otherwise entries are cleared automatically.Ī user typing will get an HTTP 307 response from the webserver, repointing the browser to It is essential that the Developer Tools is used to understand the website's behavior before configuring any policy. In other words, after the overlay browser in Workspace app (HdxBrowserCef.exe process on the client machine) has established a connection to a web server, the authentication is done between HdxBrowserCef and the server (and not between the VDA-side browser and the server).Īs an example of BCR redirections, we will look into: So if the client machine is not domain joined, the authentication page will ask for user name and password (and maybe other MFA) the behavior shall be similar to opening the website in incognito-mode in a browser in the client machine. Once the website is redirected to the client successfully(client fetch client render and/or server fetch client render), the authentication part is done client-side, not VDA-side. See CTX230052 (current limitations section)ĬWA 1907 for Windows and higher fixes this problem]. This is because our overlay browser (HdxBrowser.exe or HdxBrowsercef.exe) cannot display that window, hence the user is stuck on a blank page. [Note: websites that rely on Integrated Windows Authentication, or that require a pop-up Windows Security message box are not handled correctly by BCR with CWA 1905 or older. While the description in edocs tries to cover the general cases, there are some websites using intrinsic redirection mechanisms that make the whitelisting process more difficult. ![]() Browser content redirection authentication sites (a.k.a the authentication sites policy) Browser content redirection Access Control List (ACL) policy settings (a.k.a the ACL policy) Two policies are exposed in Studio for that purpose: Browser Content Redirection is a technology built around a URL whitelisting mechanism.
0 Comments
Read More
Leave a Reply. |