
I have a website freshly deployed on the internal network of a client. I can test it only by remote desktop on a Windows Server 2012.

The website performs SAML authentication: the browser first receives a session cookie from the website, then is redirected to the SAML identity provider, and comes back to the website with the SAML response, where it also sends back the session cookie. This works fine with Chrome, but for some reason IE11 won't send back the session cookie, which prevents the server from accepting the SAML authentication.

I have no idea why IE11 fails to send the session cookie. I have checked in the Network pane in debug tools, and I do get the cookie (though I can't confirm IE is actually storing it):

    Set-Cookie ASP.NET_SessionId=yzk4rdznlg534so2xuxqmuv4; path=/; HttpOnly

Then I am redirected to the identity provider, but when coming back to the website, it doesn't send the cookie. The cookie is HTTP only so I can't check in the console if it is stored or not. I have used the instructions posted here to see stored cookies, and I can't see a cookie for my website at any time (though redirections happen fast, so it could possibly be added and then removed before I have a chance to see it).

I also believe I have explored all possible security and privacy settings to allow everything, to no avail.

In case it's important, the site URL has no dot (it's https://mmr-pp_sef/)

Any idea how I could troubleshoot what is (or isn't) happening?

Victor Leontyev
youen
  • Are you in a compatibility mode of your IE11? – Will Huang Aug 01 '17 at 15:50
  • I didn't do anything about that, but how can I verify that I'm not? – youen Aug 02 '17 at 12:37
  • Any chance that this happens in an iFrame? IE does not like third party cookies by default. – vap78 Aug 04 '17 at 18:51
  • @vap78 No, there is no iframe on this page. I'm (obviously) still interested to understand what happens, but actually I'm moving on to other stuff because the client told me end users won't ever use Internet Explorer, so this bug doesn't need to be fixed... – youen Aug 07 '17 at 07:41

1 Answer


Well, turns out that it IS related to the URL used (should have checked myself sooner instead of just pointing out that the URL was weird in my question).

Apparently, IE will not store cookies if there is an underscore _ in the host name. This can be verified by modifying your "hosts" file:

  1. Open the file C:\Windows\System32\drivers\etc\hosts (you'll need admin rights)
  2. Add this line at the end and save the file:

    127.0.0.1 test_site
    
  3. Enter the URL http://test_site in your browser (this assumes your web server listens on 127.0.0.1)

  4. Observe that IE won't store any cookie.

The only workaround I have at this time is to use another host name, that does not contain an underscore, such as test-site.

youen
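A pre-deployment check for the condition described in the answer above, as an added example that is not part of the original post: it flags host names in a hosts file or URL that contain characters outside the letter-digit-hyphen set of RFC 952 / RFC 1123, the underscore included. The function names and the sample hosts content are constructed for illustration, and the suggested replacement simply follows the answer's underscore-to-hyphen workaround.

```javascript
// Added example: flag host names with characters outside the RFC 952/1123 LDH set.
// Assumption: the underscore is what makes IE drop the cookie, as the answer reports.

const LDH_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Return a list of problems for one host name (empty list = LDH-clean).
function checkHostname(host) {
  const problems = [];
  if (host.length === 0 || host.length > 253) problems.push("bad total length");
  for (const label of host.replace(/\.$/, "").split(".")) {
    if (LDH_LABEL.test(label)) continue;
    const bad = [...new Set(label.replace(/[a-z0-9-]/gi, ""))].join("");
    if (bad) problems.push(`label "${label}" has non-LDH character(s): ${bad}`);
    else problems.push(`label "${label}" is empty, too long, or starts/ends with "-"`);
  }
  return problems;
}

// Accept either a bare host name or a full URL.
function hostOf(input) {
  return input.includes("://") ? new URL(input).hostname : input;
}

// Parse hosts-file text ("address name [alias...] # comment") and report
// every name that fails the check, with the hyphenated replacement.
function auditHostsFile(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const fields = line.replace(/#.*/, "").trim().split(/\s+/);
    for (const name of fields.slice(1)) {
      const problems = checkHostname(name);
      if (problems.length) {
        findings.push({ line: i + 1, name, problems, suggestion: name.replace(/_/g, "-") });
      }
    }
  });
  return findings;
}

// Constructed sample input, using the names from the question and answer.
const SAMPLE_HOSTS = [
  "# constructed sample",
  "127.0.0.1 localhost",
  "127.0.0.1 test_site test-site   # alias without underscore",
  "10.0.0.5  mmr-pp_sef",
].join("\n");

console.log(auditHostsFile(SAMPLE_HOSTS));
console.log(checkHostname(hostOf("https://mmr-pp_sef/")));
```

Run it with Node.js; passing the real contents of `C:\Windows\System32\drivers\etc\hosts` to `auditHostsFile` lists every entry that would need renaming.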