IE not launching ClickOnce application on redirect
I am trying to assist a client in debugging the launching of a .NET ClickOnce application from a SAML setup. The way this normally works:
User logs into the identity provider site (https://company.identityprovider.com).
User clicks on the service provider link to launch "MyApplication" (https://www.myapplication.com).
MyApplication authenticates the user successfully and redirects the browser to an installer link at https://installer.myapplication.com.
The installer link kicks off the ClickOnce process, which downloads and launches the .NET application, and everything is groovy.
What's happening is that with one specific test user, let's call her Mary, when Mary gets to step 4, the ClickOnce application does not launch. I used Fiddler to validate that steps 1 - 3 are working as expected, and I even see the correct deployment manifest coming back from the installer site, so it's just like IE is not trusting it. So Mary just ends up sitting at the intermediate page (the form that submits the SAML assertion).
Facts:
Other people do not have this problem, so it's likely something related to Mary's specific setup (she's on a Windows 7 machine).
If I take the installer URL and manually copy-n-paste it into a new tab within IE, the ClickOnce installer does launch, so it seems to be an issue ONLY when the installer URL is accessed from within the whole SAML flow/redirection.
I've added all the domains into the Trusted Sites list (https://company.identityprovider.com, https://*.myapplication.com).
I've reset the security level for the Trusted Sites zone back to its default level (which should address the normal settings, like running Authenticode-signed components, etc), and I've also synced her advanced IE settings so that they're the same as another workstation/user that DOES work.
I've tried editing the registry and adding/enabling the TrustManagerPromptingLevel key structure for .NET Framework per MSDN:
https://msdn.microsoft.com/en-us/library/ee308453.aspx
I'm beginning to think that there's a group policy setting in play that might be impacting this user and not others. However, there's a separate department that manages those settings, so I'm hoping for some suggestions on what I should ask them to check out, or other suggestions on things to try.
internet-explorer group-policy clickonce
add a comment |
I am trying to assist a client in debugging the launching of a .NET ClickOnce application from a SAML setup. The way this normally works:
User logs into the identity provider site (https://company.identityprovider.com).
User clicks on the service provider link to launch "MyApplication" (https://www.myapplication.com).
MyApplication authenticates the user successfully and redirects the browser to an installer link at https://installer.myapplication.com.
The installer link kicks off the ClickOnce process, which downloads and launches the .NET application, and everything is groovy.
What's happening is that with one specific test user, let's call her Mary, when Mary gets to step 4, the ClickOnce application does not launch. I used Fiddler to validate that steps 1 - 3 are working as expected, and I even see the correct deployment manifest coming back from the installer site, so it's just like IE is not trusting it. So Mary just ends up sitting at the intermediate page (the form that submits the SAML assertion).
Facts:
Other people do not have this problem, so it's likely something related to Mary's specific setup (she's on a Windows 7 machine).
If I take the installer URL and manually copy-n-paste it into a new tab within IE, the ClickOnce installer does launch, so it seems to be an issue ONLY when the installer URL is accessed from within the whole SAML flow/redirection.
I've added all the domains into the Trusted Sites list (https://company.identityprovider.com, https://*.myapplication.com).
I've reset the security level for the Trusted Sites zone back to its default level (which should address the normal settings, like running Authenticode-signed components, etc), and I've also synced her advanced IE settings so that they're the same as another workstation/user that DOES work.
I've tried editing the registry and adding/enabling the TrustManagerPromptingLevel key structure for .NET Framework per MSDN:
https://msdn.microsoft.com/en-us/library/ee308453.aspx
I'm beginning to think that there's a group policy setting in play that might be impacting this user and not others. However, there's a separate department that manages those settings, so I'm hoping for some suggestions on what I should ask them to check out, or other suggestions on things to try.
internet-explorer group-policy clickonce
add a comment |
I am trying to assist a client in debugging the launching of a .NET ClickOnce application from a SAML setup. The way this normally works:
User logs into the identity provider site (https://company.identityprovider.com).
User clicks on the service provider link to launch "MyApplication" (https://www.myapplication.com).
MyApplication authenticates the user successfully and redirects the browser to an installer link at https://installer.myapplication.com.
The installer link kicks off the ClickOnce process, which downloads and launches the .NET application, and everything is groovy.
What's happening is that with one specific test user, let's call her Mary, when Mary gets to step 4, the ClickOnce application does not launch. I used Fiddler to validate that steps 1 - 3 are working as expected, and I even see the correct deployment manifest coming back from the installer site, so it's just like IE is not trusting it. So Mary just ends up sitting at the intermediate page (the form that submits the SAML assertion).
Facts:
Other people do not have this problem, so it's likely something related to Mary's specific setup (she's on a Windows 7 machine).
If I take the installer URL and manually copy-n-paste it into a new tab within IE, the ClickOnce installer does launch, so it seems to be an issue ONLY when the installer URL is accessed from within the whole SAML flow/redirection.
I've added all the domains into the Trusted Sites list (https://company.identityprovider.com, https://*.myapplication.com).
I've reset the security level for the Trusted Sites zone back to its default level (which should address the normal settings, like running Authenticode-signed components, etc), and I've also synced her advanced IE settings so that they're the same as another workstation/user that DOES work.
I've tried editing the registry and adding/enabling the TrustManagerPromptingLevel key structure for .NET Framework per MSDN:
https://msdn.microsoft.com/en-us/library/ee308453.aspx
I'm beginning to think that there's a group policy setting in play that might be impacting this user and not others. However, there's a separate department that manages those settings, so I'm hoping for some suggestions on what I should ask them to check out, or other suggestions on things to try.
internet-explorer group-policy clickonce
I am trying to assist a client in debugging the launching of a .NET ClickOnce application from a SAML setup. The way this normally works:
User logs into the identity provider site (https://company.identityprovider.com).
User clicks on the service provider link to launch "MyApplication" (https://www.myapplication.com).
MyApplication authenticates the user successfully and redirects the browser to an installer link at https://installer.myapplication.com.
The installer link kicks off the ClickOnce process, which downloads and launches the .NET application, and everything is groovy.
What's happening is that with one specific test user, let's call her Mary, when Mary gets to step 4, the ClickOnce application does not launch. I used Fiddler to validate that steps 1 - 3 are working as expected, and I even see the correct deployment manifest coming back from the installer site, so it's just like IE is not trusting it. So Mary just ends up sitting at the intermediate page (the form that submits the SAML assertion).
Facts:
Other people do not have this problem, so it's likely something related to Mary's specific setup (she's on a Windows 7 machine).
If I take the installer URL and manually copy-n-paste it into a new tab within IE, the ClickOnce installer does launch, so it seems to be an issue ONLY when the installer URL is accessed from within the whole SAML flow/redirection.
I've added all the domains into the Trusted Sites list (https://company.identityprovider.com, https://*.myapplication.com).
I've reset the security level for the Trusted Sites zone back to its default level (which should address the normal settings, like running Authenticode-signed components, etc), and I've also synced her advanced IE settings so that they're the same as another workstation/user that DOES work.
I've tried editing the registry and adding/enabling the TrustManagerPromptingLevel key structure for .NET Framework per MSDN:
https://msdn.microsoft.com/en-us/library/ee308453.aspx
I'm beginning to think that there's a group policy setting in play that might be impacting this user and not others. However, there's a separate department that manages those settings, so I'm hoping for some suggestions on what I should ask them to check out, or other suggestions on things to try.
internet-explorer group-policy clickonce
internet-explorer group-policy clickonce
asked Mar 8 '18 at 21:15
jhilgemanjhilgeman
1033
1033
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1301735%2fie-not-launching-clickonce-application-on-redirect%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1301735%2fie-not-launching-clickonce-application-on-redirect%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown