https://jfx.ac/tags/firefox/Recent content in Firefox on jfx's siteHugoenTue, 02 Apr 2024 00:00:00 +0000https://jfx.ac/blog/logging-into-entra-id-fido2-firefox-linux/Tue, 02 Apr 2024 00:00:00 +0000https://jfx.ac/blog/logging-into-entra-id-fido2-firefox-linux/<h2 id="introduction">Introduction</h2> <p>Entra ID (formerly Azure AD) is a widely used IDP in many enterprise environments. Despite <a href="https://www.mozilla.org/en-US/firefox/114.0/releasenotes">Mozilla enabling FIDO2 support by default (as of 114.0)</a>, you cannot login to Entra ID with Firefox on Linux out of the box.</p> <p>The two are listed as incompatible <a href="https://learn.microsoft.com/en-us/entra/identity/authentication/concept-fido2-compatibility#web-browser-support">in Microsoft&rsquo;s documentation</a>, but Chromium on Linux works fine.</p> <p>After some digging, I&rsquo;ve found that Firefox works with simple workarounds.</p> <h2 id="workarounds">Workarounds</h2> <h3 id="1-set-your-user-agent-to-a-chromium-browser">1) Set your user agent to a Chromium browser</h3> <ul> <li>You can test this quickly by setting <code>general.user.agent.override</code> in <code>about:config</code> to a Chromium user-agent <ul> <li>e.g. <code>Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36</code></li> </ul> </li> <li>Or you can install a <a href="https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/">User Agent Switcher addon</a></li> </ul> <p>This works but means you must always spoof your user-agent, at least for Entra ID. I was glad to find this, but I wanted to figure out <em>why</em> this works.</p>