CEF Forum

I have two vendor applications which appear to have broken due to Google authentication checks for embedded browsers. However both apps are using SAML authentication rather than Google oAuth. Wondering whether anyone else has hit this problem and how they resolved.

After many back and forth with Google Support they could not provide a coherent answer to how SAML redirects are supposed to work with oAuth in an embedded browser.

THoughts appreciated.

Is anyone else seeing this. App developers don't know how to fix this and Google did a massive shoulder shrug.

Two apps using embedded browser are now being blocked by Google as "App or browser is not secure". Apparently this is a new message that Google wants you to use oAuth to access Google login due to concerns over credential stealing. This however appears to broken apps that used the embedded browser to access their full functionality and offered SAMl based federated login. Not clear how SAMl and oAuth are supposed to work in this scenario.

Yes, everyone can see your message.
In my case, I've never used SAML, only OAuth2.
I'm sorry but I don't know how to help you.