SAML with SSO extension triggering twice

I am developing an SSO Extension so that I can have SSO with Keycloak across applications.

OIDC/OAuth2 works very well.

But I am struggling with SAML. It works, but it seems that the form submission is always triggered twice.

I use decisionHandler(.cancel) to stop the form submission and redirect it to the browser. I still get the form submitted both by the extension and by the browser.

At some point I tried to allow the form submission in the Extension so that I get the redirect with the response to the browser. It still triggered another submission.

Does anyone experience this issue?

This is macOS, right? What version?

Also, I want to pass along some general SSO debugging tips:

  • App SSO logs to the com.apple.AppSSO subsystem, so if you’re looking for hints as to what’s gone wrong you should focus on that. See Your Friend the System Log for lots of system log hints and tips.
  • There’s a Single Sign-On debug profile on our Bug Reporting > Profiles and Logs page, and you’ll want to install that while investigating this issue.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It's macOS 26.1

My main question is if Apple has any tips on best practices about intercepting SAML authentication requests and how to elegantly pass the assertions back to the browser.

The way I see it is that by redirecting the assertion to the browser, the application ends up posting the SAML response twice - once in the extension and once in the browser.
