IBM Support

Mozilla Firefox Extended Support Release single sign-on extension

Flashes (Alerts)


Abstract

This document identifies the supported versions of Mozilla Firefox Extended Support Release (ESR) and provides the procedure for installing the AccessAgent single sign-on extension for Mozilla Firefox ESR.

Content

Applies to: IBM Security Access Manager for Enterprise Single Sign-On

You must install the extension so that you can single sign-on to web applications through Mozilla Firefox ESR 60 (all releases) with AccessStudio.

 

Prerequisites

Back to top

 

Download package

Extension Release Date Size Download
Mozilla Firefox extension 8.2.2.0627 30 October 2023 1.61 MB

ext_firefox.zip


To download earlier versions of the extension, see the following pages:

 

Enhancements

30 September 2020: Version 8.2.2.0502
  • Compatibility update: Mozilla Firefox ESR 78 is now supported.
27 March 2020: Version 8.2.2.0486
  • Single sign-on support is enhanced for Angular web applications

29 March 2019: Version 8.2.2.0424

  • Web signature generation is now supported with Mozilla Firefox web browser for creating AccessProfiles.

Back to top

 

Resolved defects

30 October 2023: Version 8.2.2.0627    
  • Manifest version upgraded from V2 to V3.
30 June 2023: Version 8.2.2.0618     
  • Security vulnerability related to Jquery.js is addressed and the version is upgraded to the latest recommended version. 
30 September 2020: Version 8.2.2.0502
  • APAR IJ86869: Cannot drag and drop file on Microsoft SharePoint if ISAMESSO web extension is installed.

30 June 2020: Version 8.2.2.0498

  • Code signing of installer and uninstaller executables.
  • APAR IJ25121: Unnecessary credential capture pop-up in case of 'bearer' authentication scheme.

25 September 2018: Version 8.2.2.0186

  • Fixed an issue for silent installations where a prompt would display and interrupt the silent installation process.

31 July 2018: Version 8.2.2.0160

  • Installation and uninstallation issue when AccessAgent is not installed in the default installation directory.

Back to top

 

Installing the extension

Part 1: Setting up the extension in Mozilla Firefox

  1. Close any running instances of Mozilla Firefox.
  2. Run firefox-extension.installer.exe with administrator privileges.
  3. Start Mozilla Firefox.
  4. If you are prompted with an Install Add-on page, select Allow this installation, and click Continue.

    Note: To install the Firefox extension automatically, you must set the Firefox extensions.autoDisableScopes preference to 0. For more information, see “Firefox settings” on this page.
  5. In the toolbar, click > Add-ons.
  6. Click Extensions, and ensure that ISAM ESSO is enabled.


Part 2: Update the AutoLearn AccessProfile

  1. On the IMS Server, backup the earlier version of the AutoLearn AccessProfile, sso_site_web_auto_learn, and then delete the earlier version from your server.
  2. Upload the updated AccessProfile, sso_site_web_auto_learn, that is provided.
    For more information, see Uploading information.
  3. Synchronize the AccessAgent with the IMS Server.


Part 3: Delete the Mozilla Firefox AccessProfile

On the IMS Server, delete the Mozilla Firefox AccessProfile, sso_site_wnd_firefox, from your server.

  1. In AccessStudio, click  File > Import data from IMS.
  2. In the AccessProfiles pane, look for the sso_site_wnd_firefox AccessProfile ID.
  3. Select the AccessProfile ID, right-click and select Delete.
  4. When prompted, click Yes, and then click OK.
  5. Synchronize the AccessAgent with the IMS Server.

Uninstalling the extension

  • Close any running instances of Mozilla Firefox.
  • Run firefox-extension.uninstaller.exe with administrator privileges.
  • Start Mozilla Firefox.
  • In the toolbar, click > Add-ons.
  • Click Extensions.
  • Verify that the extension is no longer displayed.

Back to top

 

Known issues and limitations

  • The Browser starts navigating form page trigger fires when a Web form on the page is submitted.
  • The AccessStudio Web Finder tool is not supported on Mozilla Firefox. To generate the signature, use the Internet Explorer web browser.
  • The following web triggers are not supported:
    • Browser closed
  • The following web actions are not supported:
    • Register for SCR with the IMS Server
    • Perform SCR with the IMS Server
  • The following Run Script APIs are not supported:
    • runtime.GetBrowserObjectFromHTMLDocument
    • runtime.GetBrowserTopLevelWindow
    • runtime.GetHTMLDocument
    • runtime.GetHTMLElementsFromXPath
    • runtime.GetWebAgentController
    • windowcontroller.GetHTMLDocumentFromWindow
  • For the Basic Authentication, the ISAM ESSO Capture Credential prompt, might appear in the background.
  • In certain scenarios highlighting of HTML button elements from the generated XPath signature might not work, although the AccessProfile with the generated XPath will work.
  • Press the space bar if Window Signature is Invalid displays behind the Highlight Control notification.

Back to top

  

Creating AccessProfiles for Mozilla Firefox

To create AccessProfiles for Mozilla Firefox ESR, install the AccessStudio.

Back to top

 

Troubleshoot AccessProfiles

In general, AccessProfiles for web applications that you create for Internet Explorer will also work with Mozilla Firefox.

If an AccessProfile that you create, is working in Internet Explorer but not Mozilla Firefox, use the following troubleshooting steps.

   

Increase the log level for AccessAgent
In the registry editor, browse to HKEY_LOCAL_MACHINE > SOFTWARE > IBM > ISAM ESSO > ECSS > DeploymentOptions.

   

Collect logs from the Mozilla Firefox browser

  1. Open the Firefox browser.
  2. Press Ctrl+Shift+J to open the Browser Console.
  3. Recreate the problem.
  4. In Browser Console, in the Server tab, select all the content, and copy it to a file named FirefoxBrowserConsole.log.
  5. Copy this file to <aa_install_folder>\logs.


Note: If you are requested by IBM Support, package the logs folder into a file and send the compressed file to IBM Support.    

Reviewing the signature from the Firefox browser

Before you review the signature, ensure that you have exported the browser console logs to FirefoxBrowserConsole.log. See Collect logs from the Mozilla Firefox browser.


For a single sign-on AccessProfile to work successfully, you must find the correct web element signature. The following line is an example of a typical signature:

/child::html/descendent::form/descendent::input[@tag_name="input" and @type="password"]

In the FirefoxBrowserConsole.log, this line indicates that the signature is not found. This line appears in the logs that you collect from the Browser Console.


WebFinder Result: Parse error; xpath = "/child::html/descendent::form/descendent::input[@tag_name=\"input\" and @type=\"password\"]"

To diagnose this problem, follow the steps below:


1. Look for the following line. In this line, the parser starts to look for the signature. 

---- PROCESS QUERY STARTS: xpath = /child::html/descendent::form/descendent::input[@tag_name="input" and @type="password"] ---- 

2. For each step of the XPath, you can see a corresponding set of properties. For example, for the /descendent::form,

     ---- PARSER INTERNAL STARTS: After getDescendantFormNode ----
        _vecCurrentElements = Array (
            [0] => { tag: FORM, id: tsf, name: f }
        )
        _State = 0
        _currentOperator = 0
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = 
        _wsCurrentExprValue = 
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----

  •  Note the action getDescendantFormNode. This is the action being performed. This action shows which step of the parsing is being run.
  • _vecCurrentElements is the current set of matches found after running the action. The result of getDescendantFormNode is a FORM with the NAME f and ID tsf 


3. For predicates or conditions, such as [@tag_name="input" and @type="password"], look for reducePredicate: @tag_name="input" and @type="password" .


  reducePredicate: @tag_name="input" and @type="password"
    ---- PARSER INTERNAL STARTS: After reducePredicate ----
        _vecCurrentElements = Array ( )
        _State = 4
        _currentOperator = 1
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = type
        _wsCurrentExprValue = password
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----
   

  • Note that _vecCurrentElements at this point is empty. This implies that no element is found to match this condition.
  • Review the previous lines on the logs to identify precisely where _vecCurrentElements is set to an empty value. From this information, you can identify the first action that resulted in a no-match.
  • Check the information provided for the HTML elements that matched the previous action or clause to identify what is missing. For instance, the last log entry with some matches was in getDescendantInputNode.

     ---- PARSER INTERNAL STARTS: After getDescendantInputNode ----
        _vecCurrentElements = Array (
            [0] => { tag: FORM, id: tsf, name: f }
            [1] => { tag: INPUT, name: sclient, type: hidden }
            [2] => { tag: INPUT, name: site, type: hidden }
            [3] => { tag: INPUT, name: source, type: hidden }
            [4] => { tag: INPUT, id: lst-ib, class: gsfi, name: q, type: text }
            [5] => { tag: INPUT, id: gs_taif0, class: gsfi }
            [6] => { tag: BUTTON, class: lsb, name: btnG, type: submit }
            [7] => { tag: INPUT, name: oq, type: hidden }
            [8] => { tag: INPUT, name: gs_l, type: hidden }
            [9] => { tag: INPUT, name: pbx, type: hidden }
        )
        _State = 0
        _currentOperator = 0
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = 
        _wsCurrentExprValue = 
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----

  • Note that in the list of matched elements, none of the INPUT fields found has a type called password causing the condition to fail.

You can use the approach described in this example as an alternative to opening the HTML source. Opening the HTML source can be misleading because of the quirks in the browser.

Tip: Blocks for reduceExprName, setOperator, reduceExprValue and postEvalExprValue can be usually ignored.

  • If the generated web signature contains dynamic attributes (such as dynamic ID), then you can evaluate the signature by removing the dynamic attribute to make it work consistently.

Back to top

   

Check the properties of web elements for Internet Explorer and Mozilla Firefox


Under some instances, some web applications might use different properties for the same web element in Mozilla Firefox and Internet Explorer.

In the section Reviewing the signature from the Mozilla Firefox browser, if you discover that the signature is found in one browser but not the other, consider tweaking properties for the web elements for both Internet Explorer and Mozilla Firefox.

Examples of properties include name, id, type.

To inspect the web elements:

1. Launch the web application in both Internet Explorer and Mozilla Firefox.

2. In the following browsers, launch Developer tools by pressing F12 and complete the following steps:

Web browser Do:
Internet Explorer Under the DOM Explorer tab, click .
Mozilla Firefox
Microsoft Edge (Chromium-based)
Microsoft Edge
Google Chrome
 In the Developer Tools pane toolbar, click .

3. Identify the web elements properties that are common between the web browsers and modify the signature in AccessStudio accordingly.

4. If a generated web signature contains dynamic attributes, for example, attributes values change after each page loads or attribute values are different across browsers, then you must remove these dynamic attributes. Modify the web signatures by identifying common and static attributes that you can use across different browsers.

Back to top

Revision history

Date Description
30 October 2023 Version 8.2.2.0627. Manifest version upgraded from V2 to V3.
30 June 2023 Version 8.2.2.0618. Defect fixes.
30 September 2020 Version 8.2.2.0502. ESR 78 support and defect fixes.
30 June 2020 Version 8.2.2.0498. Defect fixes.
27 March 2020 Version 8.2.2.0486. Single sign-on support is enhanced for Angular web applications.
29 March 2019 Version 8.2.2.0424. Updated to support web signature capture with AccessStudio.
25 Sept 2018 Updated with fixes for silent installations.
31 July 2018 Initial.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9JLE","label":"IBM Security Access Manager for Enterprise Single Sign-On"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.2.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
02 November 2023

UID

ibm10718769

Page Feedback