Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XCreds 5 Password Change box displays both AD & Azure prompts on top of each other #256

Open
dstranathan opened this issue Aug 8, 2024 · 6 comments
Assignees
Labels
Milestone

Comments

@dstranathan
Copy link

dstranathan commented Aug 8, 2024

-Logged into Mac with XCReds 5 7130 using Azure creds (while on my AD domain).
-User gets tokens etc.
-Changed password from XCreds drop-down menu (redirected to my orgs Entra portal). Done.
-Eventually Xcreds prompts to update/sync my password.
-I am presented with an Xcreds "Password Update" box that renders BOTH an Azure web view and a AD box on top of each other (and all fields can be populated with input).

If I recall, this was an issue back in 4.1?

I have logs from ~/Library/logs/xcreds.log but will need to send them to you via email or Slack for security.

See screenshots

Screenshot 2024-08-08 at 5 08 07 PM Screenshot 2024-08-08 at 5 09 02 PM
@dstranathan dstranathan changed the title XCreds Password Change box displays both AD & Azure prompts on top of each other XCreds 5 Password Change box displays both AD & Azure prompts on top of each other Aug 9, 2024
@davelebbing davelebbing self-assigned this Aug 9, 2024
@davelebbing davelebbing added this to the XCreds 5 milestone Aug 9, 2024
@davelebbing
Copy link
Collaborator

@dstranathan please show all config settings used for this scenario or attach a mobileconfig.

@dstranathan
Copy link
Author

Jamf MDM profile XCreds 5 7130

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>discoveryURL</key>
        <string>https://login.microsoftonline.com/common/.well-known/openid-configuration</string>
	<key>ADDomain</key>
	<string>redacted</string>
	<key>CreateAdminUser</key>
	<true/>
        <key>clientID</key>
	<string>redacted</string>
        <key>redirectURI</key>
	<string>xcreds://auth/</string>
        <key>map_firstname</key>
        <string>given_name</string>
        <key>map_lastname</key>
        <string>family_name</string>
        <key>map_fullname</key>
        <string>name</string>
	<key>map_username</key>
	<string>samAccountName</string>
        <key>aliasName</key>
        <string>upn</string>
        <key>shouldUseROPGForLoginWindowLogin</key>
	<false/>
	<key>shouldUseROPGForMenuLogin</key>
	<false/>
	<key>shouldUseROPGForPasswordChangeChecking</key>
	<false/>
	<key>KeychainReset</key>
	<true/>
	<key>PasswordOverwriteSilent</key>
	<true/>
        <key>HomeAppendDomain</key>
	<false/>
	<key>autoRefreshLoginTimer</key>
	<integer>600</integer>
	<key>cloudLoginText</key>
	<string>Org Cloud Login</string>
	<key>loadPageInfo</key>
	<string>(make sure you are connected to a network)</string>
	<key>loadPageTitle</key>
	<string>Please Wait...</string>
	<key>loginWindowBackgroundImageURL</key>
	<string>https://foo-extpubcontent.blob.core.windows.net/wwwpub/ITOPS/xcreds/simr_xcreds_loginwindow_00.png</string>
	<key>loginWindowHeight</key>
	<integer>500</integer>
	<key>loginWindowWidth</key>
	<integer>500</integer>
        <key>shouldLoginWindowBackgroundImageFillScreen</key>
        <true/>
        <key>passwordChangeURL</key>
        <string>https://mysignins.microsoft.com/security-info/password/change</string>
        <key>shouldShowSignInMenuItem</key>
	<true/>
        <key>shouldShowVersionInfo</key>
	<false/>
        <key>shouldShowSystemInfoButton</key>
	<true/>
        <key>systemInfoButtonTitle</key>
	<string> System Info</string>
	<key>menuItems</key>
        <array>
        <dict>
	<key>linkOrAppPath</key>
	<string>/System/Applications/Utilities/Keychain Access.app</string>
	<key>menuItemName</key>
	<string>Keychain Access...</string>
	<key>separatorAfter</key>
	<false/>
	<key>separatorBefore</key>
	<true/>
	</dict>
        <dict>
         <key>linkOrAppPath</key>
	 <string>/System/Library/CoreServices/Applications/Ticket Viewer.app</string>
	 <key>menuItemName</key>
	  <string>Ticket Viewer...</string>
	  <key>separatorAfter</key>
	  <false/>
	  <key>separatorBefore</key>
	  <false/>
	  </dict>
           <dict>
			<key>linkOrAppPath</key>
			<string>/Applications/Software Center.app</string>
			<key>menuItemName</key>
			<string>Software Center...</string>
			<key>separatorAfter</key>
			<false/>
			<key>separatorBefore</key>
			<false/>
                </dict>
                <dict>
			<key>linkOrAppPath</key>
			<string>https://foo.service-now.com/sp</string>
			<key>menuItemName</key>
			<string>ServiceNow...</string>
			<key>separatorAfter</key>
			<false/>
			<key>separatorBefore</key>
			<true/>
		</dict>
	</array>
	<key>refreshRateHours</key>
	<integer>0</integer>
	<key>refreshRateMinutes</key>
	<integer>15</integer>
	<key>shareMenuItemName</key>
	<string>Network Drives</string>
	<key>shouldAllowKeyComboForMacLoginWindow</key>
	<true/>
	<key>shouldDetectNetworkToDetermineLoginWindow</key>
	<true/>
	<key>shouldPreferLocalLoginInsteadOfCloudLogin</key>
	<false/>
	<key>shouldPromptForADPasswordChange</key>
	<true/>
	<key>shouldPromptForMigration</key>
	<false/>
	<key>shouldShowAboutMenu</key>
	<true/>
	<key>shouldShowCloudLoginByDefault</key>
	<true/>
	<key>shouldShowConfigureWifiButton</key>
	<false/>
	<key>shouldShowLocalOnlyCheckbox</key>
	<true/>
	<key>shouldShowPreferencesOnStart</key>
	<false/>
	<key>shouldShowQuitMenu</key>
	<true/>
	<key>shouldShowRefreshBanner</key>
	<true/>
        <key>resetPasswordDialogTitle</key>
        <string>Sign in to sync your Mac password with Org</string>
        <key>refreshBannerText</key>
	<string>Sign in to sync your Org password with your Mac</string>
	<key>shouldShowMacLoginButton</key>
	<true/>
	<key>shouldShowSupportStatus</key>
	<true/>
	<key>shouldSwitchToLoginWindowWhenLocked</key>
	<false/>
	<key>showDebug</key>
	<true/>
	<key>usernamePlaceholder</key>
	<string>Username</string>
        <key>passwordPlaceholder</key>
	<string>Password</string>
	<key>verifyPassword</key>
	<true/>
        <key>localFallback</key>
        <true/>
        <key>HomeMountEnabled</key>
	<false/>
        <key>SlowMount</key>
	<true/>
	<key>SlowMountDelay</key>
	<integer>2000</integer>
</dict>
</plist>

@davelebbing
Copy link
Collaborator

Holding to confirm plans to demo with @dstranathan

@davelebbing davelebbing modified the milestones: XCreds 5, XCreds 5.1 Aug 15, 2024
@dstranathan
Copy link
Author

Will confirm I am seeing it on 7147. This can be problematic because you usually cant see the MFA random numbers behind the wonky overlay and thus cant complete a password change because its obscured.

I'll book a meeting soon to demo this. Thanks

@dstranathan
Copy link
Author

Im hoping to follow-up soon in Zoom meeting to show you this issue in a live demo. Apologies for delays.

@dstranathan
Copy link
Author

dstranathan commented Oct 6, 2024

Just saw this issue again on version 5.0 build 7191. Pure accidental (not a forced 'artificial' test) Sonoma Mac laptop was asleep for 3 days. Woke it up and got the prompt to sync passwords, but the UI is overlapped.
This Mac is configured for both Azure and AD. See screenshot.

Edit: Just noticed 5.1 build 7194 is available. Just tested on same Mac in the same state and the prompt UI looked good. I saw the MS Azure prompt only (no AD name/password fields). No screenshot provided.

Screenshot 2024-10-06 at 13 44 46

@davelebbing davelebbing modified the milestones: XCreds 5.1, XCreds Future Oct 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants