GNOME Bugzilla – Bug 698817
GOA accounts won't work with Google Apps SSO & SAML
Last modified: 2018-04-17 10:06:09 UTC
Created attachment 242391 [details] screenshot Embeded webkit fails to login to google apps account which has SSO with SAML enabled as the SAML page is behind apache with basic auth or GSSAPI. GSSAPI does not seem to be supported by webkit at all :( But the basic auth fails because popup login window gets it's focus stolen by parrent and you can't log in.
I recently had the opportunity to try a Google Apps deployment with a SSO, but I don't think it was SAML. I can't fix this without access to such a system. Having said that, one option would be to hook into WebKit and instead of showing a popup login window for basic auth we can embed it inside the existing dialog.
WebKitGTK+ now supports GSSAPI/Negotiate via libsoup (bug 587145). If you have a valid Kerberos ticket-granting ticket (or TGT) on your system, then the embedded WebKitWebView should transparently use that to log-in without prompting the user for any further credentials. This works on the GSSAPI/Negotiate based Google Apps deployment that I use at work.
*** This bug has been marked as a duplicate of bug 587145 ***