Trouble with Okta Login and auto-save

Kennsen
Kennsen
Community Member
edited June 2015 in 1Password in the Browser

Help us help you!

  • I’m using 1Password version #:1Password
    Version 5.3 (530029)
    Mac App Store

  • On a (Mac/PC/iOS/Android): MacBook Pro Retina 13" (late 2013)

  • Syncing with other devices (list them): iPhone6, LG Nexus 5

In our company we are using a single-sign-on service called Okta. When I hit one of our sites I can automatically login with command+\. But directly after automatically logged in, it asks me to save the login, which doesn't make sense, because it was filled automatically. So it does not learn anything new.
It looks like autofill and autosave are using different algorithms.

Thank you for looking into this issue,
Nils

«13

Comments

  • Mitch
    edited April 2015

    Hi @Kennsen,

    This is just a guess, but are you using the Okta service for sites across more than one domain? 1Password will prompt you to save a new Login whenever you log into a site from a URL that isn't saved in your vault. You could get around that shortcoming by editing the Login item for Okta and adding additional "website" fields for the different URLs.

    Cheers,
    -Mitch

  • Kennsen
    Kennsen
    Community Member

    Hi Mitch,

    thank you. I am sure, that adding all necessary domains to the login item will help.

    I was only wondering, that autofill does identify the website correctly so it is using the correct credentials and afterwards it is prompting me to update the Login item for me with the data, it provided itself. :)

    Thank you for having a look into this issue,
    Nils

  • Mitch
    edited April 2015

    @Kennsen, could you open the main 1Password app, find the Okta Login item, and click on "show web form details"? See if there are any fields in there that aren't your username and password. (Perhaps there is a hidden field which is updated on each submit and which is tricking 1Password into thinking you made a change.)

  • Kennsen
    Kennsen
    Community Member

    Thank you. That was a good hint. There are two passwords. That is of course tricky. I will look into it tomorrow. Now it's bed time over here.

    Have a good day.

  • khad
    khad
    1Password Alumni

    Please do let us know how it goes, @Kennsen. There is an issue I has been trying to reproduce where I will see the autosave prompt even though I just filled the Login using 1Password (so it already knows the password and shouldn't need to re-save it). It doesn't quite sound like this is the same issue since the one I am seeing is very intermittent and has happened on a few different websites. But if you have all the domains and correct password(s) listed in the Login item, I don't think you should be seeing this.

    ref: OPM-2985

  • Kennsen
    Kennsen
    Community Member

    I've now deleted the Login item and entered the password again, stored it then in 1password with autosave. Nothing changed. When I logout and login again, it fills out the form correctly, but still wants to update the new Login item. So what might be the problem. It IS the same domain.

  • Kennsen
    Kennsen
    Community Member

    Even worse: I've now checked 'Never Autosave for this site' and it still asks me every time. :(

  • That's very odd. We're investigating this but we don't have access to Okta to try it ourselves.

    What happens if you agree to save the new login item? (Save it to a new entry instead of updating the existing one.) Are you still prompted to autosave when you log in the next time? It might also be revealing if you could compare the web form data in the "before" and "after" entries.

    (It may be a good idea to move this conversation over to private email--we might want to ask you for some sample data from 1Password.)

  • Kennsen
    Kennsen
    Community Member

    I've tried to save a new login. It doesn't change much. We can definitely change to a mail conversation. It looks like a very specific thing. If I am the only one, I can just live with it. It is just slightly annoying. If there are others I am more than happy to help.

  • teknologika
    teknologika
    Community Member
    edited April 2015

    We use the combination of OKTA and 1password at our company, many users are encountering this issue of being prompted to re-save with every authentication.

    Looking at the OKTA web form details the form has three password fields ...
    password
    hidden-password-1 and
    hidden-password-2

  • khad
    khad
    1Password Alumni

    Thank you for confirming this, @teknologika! I've asked one of the devs to take a peek. It may not be immediately, but I did want to let you know that I'm getting some more eyes on this.

    Thanks for your patience!

  • teknologika
    teknologika
    Community Member

    No problem @khad let me know if you want me to do any testing of the fix.

  • khad
    khad
    1Password Alumni

    Will do! I do also want to mention that dev efforts have been directed to some other areas temporarily, so it may take a few weeks before any progress on this begins. I don't say that to be discouraging, but I do want to make sure to set realistic expectations.

    Thanks again for hanging in there. :)

  • khad
    khad
    1Password Alumni
    edited April 2015

    So, I've got a little bit more detail on this, @teknologika and @Kennsen.

    Right now, our best guess is that this is due to the page not actually having <form> anywhere. Currently, if there isn't a <form> element in the markup, we won't be able to avoid autosave on the site after 1Password fills it.

    We are expecting to improve this in a future update, but we don't have a time frame for a specific release. Sorry I don't have a better answer right now, but this is definitely on our list.

    I don't suspect it will be too helpful if you aren't able to edit the code yourselves, but if you wanted to reach out to OKTA and share this link with them, perhaps their dev team would be responsive. We're all in this together, after all. :)

    Designing your website to work best with 1Password

    Cheers!

    ref: OPX-983

  • Kennsen
    Kennsen
    Community Member

    Thank you. Really, it is not urgent to fix this. I'm just happy to report the issue and someone is listen to this. I've looked in the okta html code an have seen a form-element in the sources. So it might be some other issue. Happy to hear when something have happend.v:)

  • khad
    khad
    1Password Alumni

    Hm. Our guess may have been wrong then. If you don't mind sharing the URL of the login page, that might help a bit, but I think the biggest help will be some of the bigger upcoming changes we have planned for autosave. :)

  • ILikeVoltron
    ILikeVoltron
    Community Member
    edited June 2015

    Here is what the form looks like, sans my user id and "_xsrfToken"

    https://gist.github.com/aa35560317acec4dd43a

    I am also given the option to update existing login (every single time)

  • 2robo2
    2robo2
    Community Member

    Just wanted to add my ++ to this. I use Okta to get to a wide variety of web based services for work, and am (mildly) annoyed by this issue a few times a day. 1Password successfully fills the Okta login form and submits, but then prompts me to update the exiting Okta login in 1Password. I've tried both telling it to Save, and to never Autosave, but neither have an effect. I had a theory that since Okta is basically a web based SSO service that handles authentication and then redirects you to a 3rd party site, that redirect to another site might be confusing 1Password... However, the login it prompts you to update is for Okta, not for Salesforce, Atlassian, Office365 or wherever you might be sent after authenticating with Okta...

  • khad
    khad
    1Password Alumni
    edited June 2015

    Thanks for letting us know this is still affecting folks, @2robo2 and @ILikeVoltron. (Great combination of usernames, but the way!)

    I've passed your info along to the developers to review.

    I don't have a time frame, but this is on our list.
    ref: OPX-1010

  • 1TicketTerm
    1TicketTerm
    Community Member

    Please fix!

  • Aleen
    Aleen
    1Password Alumni

    Hi @1TicketTerm,

    Thanks for letting us know this is impacting you! We don't have an estimate as to when this will be improved, but we're looking into it.

  • 1TicketTerm
    1TicketTerm
    Community Member

    :) Thanks!

  • On behalf of Aleen, you're most welcome. :)

  • snstanton
    snstanton
    Community Member

    I'd like to vote for prioritizing this fix as well. We have to sign in to Okta frequently for workflow signoffs, so this behavior slows down the process.

  • khad
    khad
    1Password Alumni

    Thank you for adding your voice here, @snstanton. I've passed your request along to the developers. I'm sorry I don't have an ETA I can provide, but it is on the list.
    ref: OPX-1010

  • bensherman
    bensherman
    Community Member

    +1 for a fix for this. https://test.okta.com/ is where you can see the HTML.

  • khad
    khad
    1Password Alumni

    Thank you for letting us know you would also like to see this resolved, @bensherman. That test site is probably better to use for testing a fix than a live one, so thank you for that!

  • bryanrcampbell
    bryanrcampbell
    Community Member

    +1! I use Okta at work so I end up having to log into it many times a day. I LOVE being able to just type command + \ ...but sadly it's not as seamless when I get the "Update Login" every time :|

  • khad
    khad
    1Password Alumni

    First, thank you for letting us know how much you love ⌘\, @bryanrcampbell! That is very encouraging. That makes me extra sad that we are falling short here. I'm sorry about that. I've made sure that the developers know you are also waiting for a fix for this.

    If we can be of further assistance in the meantime, please let us know!
    ref: OPX-1010

  • khad
    khad
    1Password Alumni

    @Kennsen, @teknologika, @ILikeVoltron, @2robo2, @1TicketTerm, @snstanton, @bensherman, @bryanrcampbell,

    Sincere thanks for your patience.

    This has been fixed in the latest beta version of the extension that we just released a moment ago. From the 1Password extension release notes:

    1Password once again properly avoids autosave when the form was filled with 1Password.

    If you don't want to wait for it to hit the next stable build, you can switch to the beta channel:

    Installing beta versions of the browser extension

    Please let me know how it goes for you. It should be resolved, but it is always great to have additional confirmation. :)

This discussion has been closed.