    Change in SAML password change flow that addresses b/145206636. · f3447f31
    Maciek Slusarczyk authored
    Current implementation of SAML password change flow has 2 issues and does not
    work for Okta IdP:
    
    * Empirically chosen timeout used by Authenticator before communicating
    injected code on IdP page is too short. As a result injected code sometimes
    does not know where to send the message back.
    * Password scraping does not work for Okta since it is based on the number of
    scraped passwords and Okta has 2 old (the one used to authenticate is re-typed)
    and 2 updated (new + verified). As a result code is not able to determine how
    to change local credentials and asks user for confirmation every time.
    
    2 changes have been introduced in order to address the issue: timeout was
    extended to 2s and new logic based on password field ids replaces existing
    logic for Okta.
    
    Bug: 145206636
    Change-Id: I0e5083911fd129e4c04e76c07ef5f90cfa5039e0
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1943140
    Commit-Queue: Maciek Slusarczyk <mslus@chromium.org>
    Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org>
    Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#721929}
saml_handler.js 23.5 KB