IBM Support

Microsoft Edge (Chromium-based) single sign-on extension

Flashes (Alerts)


Abstract

This document identifies the supported versions of Chromium-based Microsoft Edge and provides the procedure for installing the AccessAgent single sign-on extension for Microsoft Edge.

Content

Applies to: IBM Security Access Manager for Enterprise Single Sign-On
You must install the extension so that you can single sign-on to web applications and generate web signatures through Chromium-based Microsoft Edge with AccessStudio.

Prerequistes

Ensure that your system meets the following requirements:

An Internet connection is required for Chromium-based Microsoft Edge to download the web extension from the Microsoft Edge (Chromium) Addons Store.

Back to top

Download package

Extension Date modified Size Download
Edge Chromium extension 8.2.2.0615 30 June 2023 1.5 MB

ext_EdgeChromium.zip

Back to top

Enhancements

30 June 2020: Version 8.2.2.0405
  • Initial release of Microsoft Edge Chromium extension.

Back to top

Resolved defects

30 June 2023: Version 8.2.2.0615
  • Security vulnerability related to Jquery.js is addressed and the version is upgraded to the latest recommended version and Manifest version upgraded from V2 to V3.
30 December 2022: Version 8.2.2.0561
  • APAR IJ43881: Added additional checks for “Negotiate” and “ntlm” authentication header scheme
11 January 2022: Version 8.2.2.0532
  • APAR IJ36262, IJ36263: Broker exits after a while due to network error between web extension and broker.
16 August 2021: Version 8.2.2.0519
  • APAR IJ33486:After clicking OK on the SSO user selection screen, the original screen does not return. 
  • Digital signature added for files .vbs and .ps, and EdgeChromium-extension.uninstaller.exe.
30 June 2021: Version 8.2.2.0517
  • APAR IJ33252: Auto injection of credentials does not work for web applications requiring NTLM authentication.
1 March 2021: Version 8.2.2.0505
  • APAR IJ30830: Garbled characters are displayed when an AccessProfile is created on a web page having characters other than ASCII
30 September 2020: Version 8.2.2.0503
  • APAR IJ2869: Cannot drag and drop file on Microsoft SharePoint if the ISAM ESSO web extension is installed.

Back to top

 

Installing the extension

Part 1: Set up the extension in Chromium-based Microsoft Edge

  1. Close any running instances of Chromium-based Microsoft Edge.
  2. Run EdgeChromium-extension.installer.exe with administrator privileges.
  3. Start the Chromium-based Microsoft Edge.
    Note: Microsoft Edge automatically downloads the extension from the Microsoft extension web store.
  4. From the toolbar, click image-20230214210204-1, and select Extensions.
    Ensure that ISAM ESSO is enabled.

Note: If an earlier version of ISAM ESSO Edge Chromium extension is installed, then run the EdgeChromium-extension.uninstaller.exe (part of the same version package) with administrator privileged before you install this version.

Part 2: Update the AutoLearn AccessProfile

  1. On the IMS Server, backup the earlier version of the Autolearn AccessProfile, sso_site_web_auto_learn, and then delete the earlier version from your server.
  2. Upload the updated AccessProfile, sso_site_web_auto_learn, that to the IMS Server.
    For more information, see Uploading information.
  3. Synchronize the AccessAgent with the IMS Server.

Note: Basic Authentication support for Microsoft Edge does not require any AccessProfiles. The web extension provides bundled support for Basic Authentication.

Back to top

 

Uninstalling the extension

  1. Close any running instances of Microsoft Edge.
  2. Run EdgeChromium-extension.uninstaller.exe.
    Note: You must complete this procedure with the currently logged in user privileges only.
  3. Start the Chromium-based Microsoft Edge.
  4. From the toolbar, click image-20230214210328-2.
  5. Click Extensions.
  6. Verify that the extension is no longer displayed.

Back to top

 

Known issues and limitations

  • The Browser starts navigating form page trigger fires when a Web form on the page is submitted.
  • The AccessStudio Web Finder tool is not supported on Microsoft Edge. To generate the signature, use the Internet Explorer web browser.
  • The following web triggers are not supported:
    • Browser closed
  • The following web actions are not supported:
    • Register for SCR with the IMS Server
    • Perform SCR with the IMS Server
    • The following Run Script APIs are not supported:
      • runtime.GetBrowserObjectFromHTMLDocument
      • runtime.GetBrowserTopLevelWindow
      • runtime.GetHTMLDocument
      • runtime.GetHTMLElementsFromXPath
      • runtime.GetWebAgentController
      • windowcontroller.GetHTMLDocumentFromWindow
  • Installation and uninstallation of the web extension for Microsoft Edge may take some time.
  • For the Basic Authentication, the ISAM ESSO Capture Credential prompt, might appear in the background.
  • In certain scenarios, highlighting of HTML elements from the generated web signature might not work, although the AccessProfile with the generated web signature will work.
  • Press the space bar if Window Signature is Invalid popup displays behind the Highlight Control notification window.

Back to top

Creating AccessProfiles for Chromium-based Microsoft Edge

To create AccessProfiles for Chromium-based Microsoft Edge, install the AccessStudio.

Back to top

Troubleshoot AccessProfiles

If an AccessProfile that you create, is working on Chromium-based Microsoft Edge, use the following troubleshooting steps.

   

Increase the log level for AccessAgent
In the registry editor, browse to HKEY_LOCAL_MACHINE > SOFTWARE > IBM > ISAM ESSO > ECSS > DeploymentOptions.

  • Increase the value for LogLevel to 4.
  • Increase the LogFileSize to more than 10240 (decimal value).

   

Collect logs from the Chromium-based Microsoft Edge browser

  1. Open the Microsoft Edge browser.
  2. Press F12 to open Developer Tools.
  3. Recreate the problem.
  4. In Console, in the All tab, select all the content, and copy it to a file named ChromeBrowserConsole.log.
  5. Copy this file to <aa_install_folder>\logs.


If the issue is related to identifying a web element, see Reviewing the signature from the Chromium-based Microsoft Edge browser.
Note: If you are requested by IBM Support, package the logs folder into a file and send the compressed file to IBM Support.    

Reviewing the signature from the Chromium-based Microsoft Edge browser

Before you review the signature, ensure that you have exported the browser console logs to ChromeBrowserConsole.log. See Collect logs from the Chromium-based Microsoft Edge browser.


For a single sign-on AccessProfile to work successfully, you must find the correct web element signature. The following line is an example of a typical signature:

/child::html/descendent::form/descendent::input[@tag_name="input" and @type="password"]

In the ChromeBrowserConsole.log, this line indicates that the signature is not found. This line appears in the logs that you collect from the Browser Console.


WebFinder Result: Parse error; xpath = "/child::html/descendent::form/descendent::input[@tag_name=\"input\" and @type=\"password\"]"

To diagnose this problem, follow the steps below:


1. Look for the following line. In this line, the parser starts to look for the signature. 

---- PROCESS QUERY STARTS: xpath = /child::html/descendent::form/descendent::input[@tag_name="input" and @type="password"] ---- 

2. For each step of the XPath, you can see a corresponding set of properties. For example, for the /descendent::form,

     ---- PARSER INTERNAL STARTS: After getDescendantFormNode ----
        _vecCurrentElements = Array (
            [0] => { tag: FORM, id: tsf, name: f }
        )
        _State = 0
        _currentOperator = 0
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = 
        _wsCurrentExprValue = 
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----

  •  Note the action getDescendantFormNode. This is the action being performed. This action shows which step of the parsing is being run.
  • _vecCurrentElements is the current set of matches found after running the action. The result of getDescendantFormNode is a FORM with the NAME f and ID tsf 


3. For predicates or conditions, such as [@tag_name="input" and @type="password"], look for reducePredicate: @tag_name="input" and @type="password" .


  reducePredicate: @tag_name="input" and @type="password"
    ---- PARSER INTERNAL STARTS: After reducePredicate ----
        _vecCurrentElements = Array ( )
        _State = 4
        _currentOperator = 1
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = type
        _wsCurrentExprValue = password
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----
   

  • Note that _vecCurrentElements at this point is empty. This implies that no element is found to match this condition.
  • Review the previous lines on the logs to identify precisely where _vecCurrentElements is set to an empty value. From this information, you can identify the first action that resulted in a no-match.
  • Check the information provided for the HTML elements that matched the previous action or clause to identify what is missing. For instance, the last log entry with some matches was in getDescendantInputNode.

     ---- PARSER INTERNAL STARTS: After getDescendantInputNode ----
        _vecCurrentElements = Array (
            [0] => { tag: FORM, id: tsf, name: f }
            [1] => { tag: INPUT, name: sclient, type: hidden }
            [2] => { tag: INPUT, name: site, type: hidden }
            [3] => { tag: INPUT, name: source, type: hidden }
            [4] => { tag: INPUT, id: lst-ib, class: gsfi, name: q, type: text }
            [5] => { tag: INPUT, id: gs_taif0, class: gsfi }
            [6] => { tag: BUTTON, class: lsb, name: btnG, type: submit }
            [7] => { tag: INPUT, name: oq, type: hidden }
            [8] => { tag: INPUT, name: gs_l, type: hidden }
            [9] => { tag: INPUT, name: pbx, type: hidden }
        )
        _State = 0
        _currentOperator = 0
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = 
        _wsCurrentExprValue = 
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----

  • Note that in the list of matched elements, none of the INPUT fields found has a type called password causing the condition to fail.

    You can use the approach described in this example as an alternative to opening the HTML source. Opening the HTML source can be misleading because of the quirks in the browser.

    Tip: Blocks for reduceExprName, setOperator, reduceExprValue and postEvalExprValue can be usually ignored.
  • If a generated web signature contains dynamic attributes (for example dynamic ID), then the web signature can be evaluated by removing the dynamic attribute to make it work consistently.

   

Check the properties of web elements for Chromium-based Microsoft Edge and other browsers


Under some instances, some web applications might use different properties for the same web element in Chromium-based Microsoft Edge and other browsers.

In the section Reviewing the signature from the Chromium-based Microsoft Edge browser, if you discover that the signature is found in one browser but not the other, consider tweaking properties for the web elements for Chromium-based Microsoft Edge and other browsers.

Examples of properties include name, id, type.

To inspect the web elements:

  1. Launch the web application in Chromium-based Microsoft Edge and other browsers.
  2. In each of the following web browsers, press F12 to open Developer Tools and complete the following steps:
    Web browser Do
    Internet Explorer
    		 Under the DOM Explorer tab, click .
    Google Chrome
    Microsoft Edge (Chromium-based)
    Microsoft Edge
    Mozilla Firefox
    		 In the Developer Tools pane toolbar, click .
  3. Identify the web elements properties that are common between the web browsers and modify the signature in AccessStudio accordingly.

Back to top

   

Revision history

Date Description
30 June 2023 Version 8.2.2.0615-defect fixes. Manifest version upgraded from V2 to V3.
30 December 2022 Version 8.2.2.0561- defect fixes
11 January 2022 Version 8.2.2.0532- defect fixes
16 August 2021 Version 8.2.2.0519- defect fixes
30 June 2021 Version 8.2.2.0517 - defect fixes.
1 March 2021 Version 8.2.2.0505 - defect fixes.
30 September 2020 Version 8.2.2.0503 - defect fixes.
30 June 2020 Initial release of Microsoft Edge Chromium extension.

[{"Product":{"code":"SS9JLE","label":"IBM Security Access Manager for Enterprise Single Sign-On"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"AccessAgent","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.2.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
05 July 2023

UID

ibm16241392

Page Feedback