I've had a Login set for roughly 2 years that no longer works.

This is a single-signon type login that I use for all kinds of services at the place where I work. When I get taken to the URL set in the Login (usually via a redirect), the Login doesn't show up in the list (using the browser extension), although I can find it with a search. All sorts of other, seemingly irrelevant logins appear in the initial list. If I add my credentials manually, 1Password doesn't even ask me to save a new login or update an existing one. The URL in the Login is correct (at least the domain, plus a little more: https://login.wisc.edu/idp/profile -- this is one of those really long URLs, but that much is normally enough. What can I do to get this Login recognized again?


1Password Version: 6.8.4
Extension Version: 4.6.12.90
OS Version: OS X 10.13
Sync Type: 1Password
Referrer: forum-search:site

Comments

  • brentybrenty

    Team Member

    @siplhium: Thanks for reaching out. I’m sorry for the trouble! It sounds like when you go to the URL you have saved in the login, you're redirected somewhere else. What is the exact URL for both? That one is just going me a 404. If they do not match, 1Password will not offer to fill that login there. Also, be sure to let me know which browser version you're using. Thanks in advance!

  • No, perhaps I wasn't clear enough. If I go (as one example) to https://wiscmail.wisc.edu, it redirects me to a single singon page at https://login.wisc.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=023C57D339FA396463520352768B96AE?execution=e1s1 (that's what is it this morning), where I can enter a username and password. There's no point in saving the entire second url in 1password because part of it is generated dynamically. This is not unusual; it happens on all kinds of websites where you have to log in to an account. My experience in 1password is that you don't need to enter the entire url into 1password; often the domain or a little more is enough. As I said, this 1Password login has worked for a long time. S How do I get this to work, and how much of a URL is needed for 1password to recognize that a site matches a saved login?

  • daltondalton

    Team Member

    Thanks for clarifying your situation, @siplhium. Typically, a matching domain name is enough for 1Password to display the Login item.

    I spent some time experimenting the website you shared, and when redirected after visiting https://wiscmail.wisc.edu, I manually saved a Login item using the following instructions:

    How to save a Login manually in your browser

    After creating the Login, I left the listed URL as the dynamically generated one and 1Password didn't have any trouble filling my Login details afterward. I even tried shortening the listed URL to https://login.wisc.edu/idp/profile and 1Password still filled my Login details correctly every time.

    With this being the case, I'm wondering if creating a new Login item might work for you. Would you mind trying to manually save a new Login item using the guide I linked to above? Looking forward to hearing how it goes! :)

  • It's not something I had tried before contacting you, but no, it doesn't work. It'll find the Login and fill if I do a search for it, but it doesn't come up on its own.

  • daltondalton

    Team Member
    edited December 2017

    Thanks for trying to manually save a new Login, @siplhium! Since 1Password doesn't seem to be having any trouble filling the Login for you, I'm wondering if using the Command-\ keyboard shortcut to fill the Login will work for you. Can you try pressing Command-\ the next time you need sign into that website? I expect 1Password will fill your Login details without a problem.

    Along with that, can you tell me what URL you have listed in your Login item? I ended up keeping https://login.wisc.edu/idp/profile as the URL for my Login item and 1Password shows the item when I visit:

    https://login.wisc.edu/idp/profile/SAML2/Redirect/SSO;jsessionid=1F3EB082FBF72FC68A081E3753613E6D?execution=e1s1

    You might try adding the dynamic URL the next time you visit the website and see if 1Password shows your Login then. Let us know how it goes! :)

  • brentybrenty

    Team Member

    @DaltonD: Unfortunately I think the dynamic nature of the URL is the problem. When following the last link above, I get "Sorry, there was a problem. Stale Request:".

    @siplhium: If you save https://login.wisc.edu as a second URL in that login does that help with matching? When I go to https://wiscmail.wisc.edu I'm redirected to https://login.wisc.edu/idp/profile/SAML2/Redirect/SSO?execution=e1s1 so using https://login.wisc.edu in the login item should allow 1Password to match there as well. :)

  • brentybrenty

    Team Member

    @siplhium: To be clear, I'm not having any trouble having 1Password save and fill a login after following this URL:

    https://wiscmail.wisc.edu

    to this URL:

    https://login.wisc.edu/idp/profile/SAML2/Redirect/SSO?execution=e5s1

    following the instructions to save the login manually. Now, maybe they won't let me return to the same URL tomorrow, but if I set https://wiscmail.wisc.edu as the first URL in the login that's no problem.

    I think the problem you're having is the redirect: when you tell 1Password to go to a webpage and fill your login credentials there, it isn't going to fill at some other arbitrary webpage you're redirected to instead. That would be a great way to fall prey to phishing attacks. But once the site is finished shuttling you around, if you press ⌘ \ you should be good to go. Let me know if that helps. :)

  • Dalton, brenty, it doesn't work for me. No matter which url I put into the login, including the shorter one Dalton suggested, it doesn't work. 1Password doesn't find a match. If you had no problem getting 1Password to fill as you just described, then I shouldn't either. I'm not sure why the redirect should make a difference. Isn't it the case that when the browser lands on http://login.wisc.edu[etc], 1Password should recognize the domain and link it with the login I've created? Creating a login using the wiscmail url as you described doesn't work for me either. Given that this used to work, reason and experience tells me that there is something else going on that is causing a problem.

  • daltondalton

    Team Member

    Thanks for sticking with us here, @siplhium. I know it can be frustrating when something should work but continues to defy us. We appreciate you being so patient while we debug this issue. :)

    As a next step, I'd like to clarify a few things on your end to ensure we're on the same page. Would you mind providing the following details?

    Along with those questions, I'd like to share the process that I took to create a working Login item. I'm hoping that by sharing this process, we'll be able to identify any differences there may be between the steps we took.

    1. Navigate to https://wiscmail.wisc.edu in Chrome and get redirected to https://login.wisc.edu/idp/profile/SAML2/Redirect/SSO?execution=e2s1
    2. Enter dummy credentials into the NetID and Password fields
    3. Click on the 1Password extension icon in Chrome's toolbar to open 1Password mini
    4. Click the gear icon in the top right corner of 1Password mini
    5. Click Save new Login
    6. Click Save Login when prompted by 1Password

    After following that process, if I then navigate to https://wiscmail.wisc.edu and get redirected to https://login.wisc.edu/idp/profile/SAML2/Redirect/SSO?execution=e3s1, the Login item I just created will show up when I open 1Password mini through the 1Password extension in Chrome. If you follow the steps I listed above, are you able to get the Login item to show up?

  • Q: Which URL(s) are currently listed in the Login item that doesn't show up in 1Password mini when you visit http://login.wisc.edu[etc]?

    A: https://login.wisc.edu/idp/profile/. For the hell of it I also created one that uses the url https://wiscmail.wisc.edu/

    Q: How are you navigating to http://login.wisc.edu[etc]? Are you first visiting https://wiscmail.wisc.edu then getting redirected or using "open and fill" within 1Password for Mac?

    A: the former. The latter would never work, since this is Shibboleth login page.

    Q: If you follow the steps I listed above, are you able to get the Login item to show up?

    A: only if I click where it says "show 17 more items". Otherwise, initially it's not visible.

  • brentybrenty

    Team Member

    A: only if I click where it says "show 17 more items". Otherwise, initially it's not visible.

    @siplhium: Yeah, that's the problem. Do you really need 17 logins matching that site? This is expected behaviour. 1Password will not be able to fill immediately when you press ⌘ \if you have multiple logins to choose from there. If clicking "show more" lets you choose the login you want, it doesn't sound to me at all like 1Password isn't matching it for you. It's just that you have so many, another is a better match, especially given the URL change. There's nothing 1Password can do about that.

    However, do you perhaps have 1Password Preferences > Browsers > Allow filling on pages that closely match saved websites enabled? That's off by default because it can definitely complicate things by using less strict matching, so that could contribute to you getting more matches there than you would without turning that on.

    Also, you could try setting the login you're trying to use as Favorite to put it at the top of the list. Again, the redirect makes this problematic, but that may help.

    Ultimately if you can consolidate a bit that will make your workflow smoother — with fewer logins to choose from each time you want to sign in. We just can't do anything about the redirect, and in the vast majority of cases — almost all of them, in fact — we absolutely don't want 1Password filling for you on a page you've been redirected to without your permission.

  • "However, do you perhaps have 1Password Preferences > Browsers > Allow filling on pages that closely match saved websites enabled?"

    Bingo. That was the problem. And I will experiment with favorites, as you suggested.

    However, please look at the urls for the sites at the top of that match list. The only match is for the string "wisc.edu". I don't think any reasonable person would consider these better matches.

    1. https://apps.umark.wisc.edu/business-tools/
    2. https://chancellor.wisc.edu/wp/wp-admin/admin.php?page=gf_settings&subview=gravityformscampaignmonitor
    3. http://test.chinese.parent.wisc.edu/wp/wp-admin/install.php
    4. http://test.chinese.parent.wisc.edu/wp/wp-admin/install.php
    5. http://test.campusclimate.wisc.edu/wp/wp-login.php?redirect_to=http://test.campusclimate.wisc.edu/wp/wp-admin/&reauth=1

    Do you folks consider these to be close matches? Never mind closer than https://login.wisc.edu/idp/profile ?

    I'm sure it wasn't intended quite this way, but what I'm hearing is that this is more of a user problem because I have too many similar logins. I have a lot of logins for the wisc.edu domain. I do web development work for local, test, and production instances of WordPress and other types of sites that require authentication. If 1Password is unable distinguish among them despite their having clearly unique urls, well, that would not be very good to say the least.

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    @siplhium If you have many different subdomains with different accounts, then you want that checkbox unchecked. This thread has a good discussion of the design and tradeoffs.

    Another thing I would suggest is possibly setting up vaults to separate your testing Logins from your actual user account Logins. This is a snap in the 1Password dashboard: https://support.1password.com/create-share-vaults/

    The other thing that can be helpful is typeahead filtering. When 1Password shows the popup to allow you to choose a Login, it is immediately ready for you to type to further filter the list down. So, if you are in your new "Testing" vault and 1Password offers you a dozen Logins to choose from, you can have specific keywords in their titles that will allow you to type a few characters and narrow the list down quickly. I frequently have to do this with my plethora of Google account Logins.

    I hope this helps both to outline the options available to you and also to clarify some of the thinking and design decisions that have gone into the behavior that is there now.

    --
    Jamie Phelps
    Code Wrangler @ AgileBits
    Fort Worth, Texas

  • Thanks Jamie. I will explore the things you suggest. What still puzzles me is why 1Password would have considered the listed items in my previous post as close matches, and closer to a login with an exact match -- in fact, the only one I would consider a close match. They aren't similar at all, save for the wisc.edu domain.

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    The label on that checkbox is confusing. It's the worst way to describe the functionality except for every other approach we have tried… "Close" means "non-exact". So, when you allow "close" matches, you're telling 1Password to treat all subdomains as equal. Like I said, it's confusing and one of my least favorite things about how 1Password works and is presented to users.

This discussion has been closed.