
Published Microsoft Edge Browser and SSO to SharePoint 365 don't work - are prompted for login cred


Henrik Christensen1709154275

Question

Hello guys

My scenario: OS is Windows 10 1909 Multi-session

VDA is 1912 CU2

I want to publish an Edge browser with a SharePoint 365 start page (company intranet). Also, SSO into M365 with no prompts.

This works perfectly when using a published Desktop and also from a published Internet Explorer

It also works in Edge - if the user has made a login to the published desktop just once.

But it doesn't work in a seamless published Edge.

Executing a dsregcmd /status in the user context shows all is good

Any ideas are welcome

Link to comment

6 answers to this question


The solution:

 

After having created a support case @ m$ we managed to get this solved

Windows 10 build 1909 uses WAM (web account manager) authentication.

Since the issue only happens in a published application scenario, currently the only way to overcome this issue is to force OneAuth to be used, instead of WAM.
This can be achieved by publishing Edge with the --force-oneauth command line argument. Below is the configuration to use:

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-oneauth

 

Hope this helps if encountered by others

  • Like 1
Link to comment
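
A way to check the two things this fix depends on, added here as an example and not part of the original post: that `dsregcmd /status` in the session reports an Azure AD join and a PRT, and that the published Edge browser process was really started with `--force-oneauth`. The `dsregcmd` text and command lines are constructed samples, and the function names are hypothetical.

```powershell
# Added example. Sample data below is constructed, not taken from the thread.
$sampleDsreg = @'
| Device State                                                         |
             AzureAdJoined : YES
              DomainJoined : YES
| SSO State                                                            |
                AzureAdPrt : YES
'@ -split "`r?`n"
$sampleCmdLines = @(
    '"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-oneauth',
    '"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US'
)

function ConvertFrom-DsregStatus {          # hypothetical helper name
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Fields look like "   AzureAdPrt : YES"; banner lines start with + or | and are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    $state
}

function Test-EdgeSsoLaunch {               # hypothetical helper name
    param([hashtable]$Dsreg, [string[]]$EdgeCommandLines)
    # Chromium child processes (renderer, gpu, ...) carry --type=; the browser process does not.
    $browser = @($EdgeCommandLines | Where-Object { $_ -and $_ -notmatch '--type=' })
    $missing = @($browser | Where-Object { $_ -notmatch '(^|\s)--force-oneauth(\s|$)' })
    [pscustomobject]@{
        AzureAdJoined    = $Dsreg['AzureAdJoined'] -eq 'YES'
        AzureAdPrt       = $Dsreg['AzureAdPrt'] -eq 'YES'
        BrowserProcesses = $browser.Count
        FlagPresent      = ($browser.Count -gt 0) -and ($missing.Count -eq 0)
        MissingFlag      = $missing   # browser processes started without the switch
    }
}

# Offline run against the constructed samples:
Test-EdgeSsoLaunch -Dsreg (ConvertFrom-DsregStatus $sampleDsreg) -EdgeCommandLines $sampleCmdLines

# Live run inside the published-app session (same user context):
# $sid  = (Get-Process -Id $PID).SessionId
# $cmds = Get-CimInstance Win32_Process -Filter "Name='msedge.exe' AND SessionId=$sid" |
#         Select-Object -ExpandProperty CommandLine
# Test-EdgeSsoLaunch -Dsreg (ConvertFrom-DsregStatus (dsregcmd /status)) -EdgeCommandLines $cmds
```

A non-empty `MissingFlag` in the live run means an Edge browser process in that session was started without the switch, for example from a shortcut or a published application entry that was not updated.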
  • 0


19 minutes ago, Christoph Sinabell said:

Hi,

 

Is it still working in IE if you reset the profile? Please look here: https://support.citrix.com/article/CTX127874. For IE in published app this was the issue in many cases, maybe it also adheres to Edge.

 

Regards

Yes, it always works in IE with a fresh profile

I also tried the /AlternateShellStartup with no luck

Also, valuable info is that Edge is launching fine, but prompts the user for M365 credentials (it should not prompt and does not when run inside a desktop session). And you can't sign in if you try from the page prompt or by clicking on the user icon in the top right corner (srndump attached)

signin.png

Link to comment
  • 0

Hi,

 

Ok, then I guess it's the same as with Google Chrome. MS wants you to use their sync and not use roaming profiles. This is a configuration which works for us:

 

Please check your roaming configuration. First include the following to the list of synchronized folders:

AppData\Local\Microsoft\Edge

AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

AppData\Local\Microsoft\OneAuth

 

Then exclude these folders from synchronization:

AppData\Local\Microsoft\Edge\User Data\Ad Blocking

AppData\Local\Microsoft\Edge\User Data\BrowserMetrics

AppData\Local\Microsoft\Edge\User Data\Crashpad

AppData\Local\Microsoft\Edge\User Data\PepperFlash

AppData\Local\Microsoft\Edge\User Data\Safe Browsing

AppData\Local\Microsoft\Edge\User Data\ShaderCache

AppData\Local\Microsoft\Edge\User Data\SmartScreen

AppData\Local\Microsoft\Edge\User Data\Subresource Filter

AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists

AppData\Local\Microsoft\Edge\User Data\WidevineCdm

AppData\Local\Microsoft\Edge\User Data\Default\blob_storage

AppData\Local\Microsoft\Edge\User Data\Default\BudgetDatabase

AppData\Local\Microsoft\Edge\User Data\Default\Cache

AppData\Local\Microsoft\Edge\User Data\Default\Code Cache

AppData\Local\Microsoft\Edge\User Data\Default\File System

AppData\Local\Microsoft\Edge\User Data\Default\GPUCache

AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB

AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed

AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsTopSites

AppData\Local\Microsoft\Edge\User Data\Default\Local Storage

AppData\Local\Microsoft\Edge\User Data\Default\Storage

AppData\Local\Microsoft\Edge\User Data\Default\Service Worker

AppData\Local\Microsoft\Edge\User Data\Default\Web Application

 

Regards

Link to comment
  • 0

Hi guys, I am able to get to the login page >>> enter my work ID >>> enter my credentials >> it takes me to the SSO page for multifactor authentication (which gives me an option to select my mobile number to do the verification) >> but nothing on this page works; I am unable to click anything.

Any suggestions?

Thanks

Link to comment
