Updating handling of SSL error in WebView, Fixes AB#3268908 #2688
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
✅ Work item link check complete. Description contains link AB#3268908 to an Azure Boards work item. |
github-actions
bot
changed the title
mohitc1
added
Skip-Consumers-Check
|
❌ Work item link check failed. Description does not contain AB#{ID}. Click here to Learn more. |
mohitc1
added a commit
that referenced
this pull request
Jun 30, 2025
…edSslError callback, Fixes AB#3268908 (#2691) Update: After talking to @iulico-1 from OneAuth. 1. First rolling out with Broker and keeping disabled for OneAuth (and MSAL Android). Added SSL error telemetry 2. Enable for oneauth after we see no issues in Broker. So, the toggle code to let OneAuth enable/disable is removed from the PR. 3. Investigate how we can pass the error to OneAuth to track SSL failure and User canceled the flow because of SSL error. ===================== Fixes [AB#3268908](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3268908) **Summary:** This PR updates the handling of SSL errors in the Android WebView used for authentication. The change is in response to an incident where the MSA sign-up flow failed due to an expired certificate on an MSA UX web page. The expired certificate was associated with a resource loaded by the page; however, the existing SSL error handling in Common’s WebView would cancel the loading of that resource and subsequently terminate the entire authentication flow. (See PBI for details.) **Solution** **Option 1** We simply log and stop loading the resource that caused the error by calling `SssHandler.cancel()` but not stop the flow by erroring out. This is a simple change. The only thing is the main URL (the url loading in the WebView) itself has SSL error then the flow would end up in *blank page*. This is as bad as finishing the flow but does not inform calling app of the error via exception. But if sub-resource has the error, then the flow continues. **Flighting** **New SSL Error Handler**: - ~~Adds a new intent key (`WEB_VIEW_NEW_SSL_ERROR_HANDLER_ENABLED`) in `AuthenticationConstants.java` to control whether the new SSL error handler logic is enabled. This can be used by OneAuth to opt-in or opt-out. If the key is not passed, then Common's default logic based on flighting will be used. If the key passed, that will be used (primarily meant for OneAuth/MSALCPP).~~. The toggle would be added later if required. This simplifies current logic to only rely on Common/broker's flighting. - Adds a new flight value is well defaulting to `false`. So, OneAuth and MSAL would also use default flight value and continue using current behavior. For Broker, we would enable new flow with default `true` (AzureAD/ad-accounts-for-android#3141), which can be controlled remotely to turn off if required. **Option 2** (Not this PR, added for reference) The objective of this update is to improve SSL error handling so that the flow is only cancelled if an SSL error occurs on the main frame resource (the primary page being loaded). If an SSL error affects a sub-resource, only the loading of that specific resource is cancelled, and the overall authentication flow continues. This approach helps prevent unnecessary failures caused by SSL errors on secondary or non-critical resources. (#2688) The con of the approach is client needs to track the active url that's about and being loaded in WebView. The tracking adds cost of developing and maintaining to solution without significant benefit over option 1.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
This PR updates the handling of SSL errors in the Android WebView used for authentication. The change is in response to an incident where the MSA sign-up flow failed due to an expired certificate on an MSA UX web page. The expired certificate was associated with a resource loaded by the page; however, the existing SSL error handling in Common’s WebView would cancel the loading of that resource and subsequently terminate the entire authentication flow. (See PBI for details.)
Solution
Option 1
We simply log and stop loading the resource that caused the error by calling
SssHandler.cancel()but not stop the flow by erroring out. This is a simple change. The only thing is the main URL (the url loading in the WebView) itself has SSL error then the flow would end up in blank page. This is as bad as finishing the flow but does not inform calling app of the error via exception.But if sub-resource has the error, then the flow continues.
This is a low cost solution and easy to implement with slightly poorer UX.
Option 2 (Changes in this PR)
The objective of this update is to improve SSL error handling so that the flow is only cancelled if an SSL error occurs on the main frame resource (the primary page being loaded). If an SSL error affects a sub-resource, only the loading of that specific resource is cancelled, and the overall authentication flow continues. This approach helps prevent unnecessary failures caused by SSL errors on secondary or non-critical resources.
Changes introduced:
WebView and WebViewClient Update:
AzureActiveDirectoryWebViewclass, which extends Android'sWebViewand tracks the active URL being loaded, along withAzureActiveDirectoryWebViewClientWebViewClient's callbacks likeonPageStartedbecause webpage can run into error even beforeonPageStartedis called. So, we track the URL ourselves byshouldOverrideUrlLoading(..)callback. This is called before URL is about to get loadedloadUrlis called explicitly. This is case whereshouldOverrideUrlLoading()is not called. Since there are multiple places webView.loadUrl is called, addedAzureActiveDirectoryWebViewwhich keeps track of the URL being loaded in loadUrl and then continues with webView.loadUrlHandling error in onReceivedSslError
onReceivedSslErrorchecks if the SSL error is for the main frame (i.e., the main page being loaded). It does so by comparing the active url against the error url on host/domain. If error is for main frame, it cancels the flow and calls the completion callback with an error; otherwise, it just cancels the faulty resource, and let the flow continue.Flighting
WEB_VIEW_NEW_SSL_ERROR_HANDLER_ENABLED) inAuthenticationConstants.javato control whether the new SSL error handler logic is enabled. This can be used by OneAuth to opt-in or opt-out.true. If the key is not passed. If the key passed, that will be used (primarily meant for OneAuth/MSALCPP). If not, flight would be used (meant for Broker). MSAL would also use default flight value, as there's no remote flighting there.