
Please fix the authentication protocols - they just don't work properly


Switching from one account to another, if I sign out and sign back in again, I have to go through the "you are not a member...." nonsense and sign in AGAIN. And still I get the daft "you are not a member..." routine. Is there any way this could be made to work like every other service where "sign out" actually means what it says?

And I'm not looking for an explanation of why it happens, I'm asking to have it fixed so it works the way most people would expect it to work.   

webbrewers | Easy to use sites | Low/no cost hosting
  • Post Points: 5
Verified Answer
  • Hi mchv2.0,

    This is Jonis from Microsoft SharePoint Online Support.

    While you are “not looking for an explanation of why it happens”, I can assure you that we are fully aware of how the sign out is functioning in Office 365 and that it is by design. 

    Because your SharePoint Online web sessions are maintained by web browser cookies, the sign-out process for web services forces the session cookies to expire. These session cookies are used to maintain the application session. However, because the web browser is still running, the user still has a valid authentication cookie and is not required to sign in to the resource again. By default, this authentication cookie is valid for eight hours. It is force-cleared only when the user closes the web browser. Therefore, when the web browser tries to reload the application sign-in screen when a user signs out, the session cookie is cleared. However, the web browser is instantly authenticated by the authentication cookie. This authentication signs the user back in to the web application, and a new session cookie is generated.

    The kb2507767 article posted by Robert Li, MSFT Support, provides the appropriate method to clear the Claims Based Authentication Security Assertion Markup Language (SAML) token. If you do not use that method to clear the security token, it will be valid for its 8 hour lifetime.

    The error message “Your computer isn't authorized to perform this action. Please contact an administrator” sounds like a local UAC or local client administrator permissions issue.

    Correlation ID errors are generally temporary so I suggest that you attempt to navigate to that URL one more time and see if the issue resolves itself.

    If that does not answer your question please let me know as I will continue to monitor this thread for a few days and will reply to any additional posts or questions.

    Jonis Estrem

    Microsoft Office 365 SharePoint Support

    • Top 75 Contributor
    • Post Points: 0
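
The sign-out behaviour described in the verified answer above, modelled as an added example (not part of the thread and not Microsoft's code). The `Browser` class, the cookie names `session` and `auth`, and the sample user are constructed, and the session cookie is assumed to share the authentication cookie's expiry.

```python
AUTH_LIFETIME = 8 * 3600  # seconds; the eight-hour default stated in the answer


class Browser:
    """Cookie jar of one running browser process (constructed model)."""

    def __init__(self):
        self.jar = {}  # cookie name -> (user, expires_at)

    def valid_user(self, name, now):
        user, expires_at = self.jar.get(name, (None, 0))
        return user if now < expires_at else None


def sign_in(browser, user, now):
    """Interactive sign-in: the authentication cookie is issued."""
    browser.jar["auth"] = (user, now + AUTH_LIFETIME)


def open_app(browser, now):
    """Load the application; returns (user, sign_in_prompt_shown)."""
    user = browser.valid_user("session", now)
    if user:
        return user, False
    user = browser.valid_user("auth", now)
    if user:
        # Silent re-authentication: a new session cookie is generated
        # from the still-valid authentication cookie.
        browser.jar["session"] = browser.jar["auth"]
        return user, False
    return None, True  # nothing valid left, so the sign-in form appears


def sign_out(browser):
    """Sign-out as described: only the session cookie is expired."""
    browser.jar.pop("session", None)


def close_browser(browser):
    """Closing the browser force-clears the authentication cookie too."""
    browser.jar.clear()


def demo():
    b = Browser()
    sign_in(b, "alice@example.com", now=0)
    open_app(b, now=10)
    sign_out(b)
    after_sign_out = open_app(b, now=20)   # signed straight back in
    close_browser(b)
    after_close = open_app(b, now=30)      # prompted for credentials
    return after_sign_out, after_close
```

On a shared computer this means the next person to open the site within the cookie's lifetime is signed in as the previous user unless the browser was closed.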
All Replies
  • I just tried signing into this community with a different id than I was logged in with and no matter how many times I clicked "sign out",  I couldn't. It just kept cycling back to  the "create an account" page. Does MSFT think this is normal and expected behavior?
    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • Hi mchv2.0,

    Before moving on, I’d like to confirm your situation:
    1. When you tried to sign out of your SharePoint web site, you got this error message: “You are not a member…”.
    If I have misunderstood anything, please feel free to correct me.
    2. When you tried to sign in to the community with a different ID, you couldn’t switch to another account.
    If this is the case, please follow the steps below:
    1. If you want to sign in to the community with a different ID, you can sign in to another account via InPrivate Browsing.
    2. You can sign in to your other account via a different browser (e.g. Firefox, Chrome).
    3. Clearing the browser cache is also a workaround for this scenario.
    PS. For your first question, I’d appreciate it if you could describe your situation in detail or upload a screenshot.

    Thanks,
    Robert Li

    • Top 150 Contributor
    • Post Points: 0
  • Robert,

    I can't give any more detail and a screenshot wouldn't help. I never check "keep me signed in" or "remember me" so would expect "sign out" to sign me out - every time. I shouldn't have to use InPrivate browsing or do anything else for this to work. If you're saying you've never experienced this, and it shouldn't be happening, then I'll file a service request.

    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • Hi mchv2.0,

    Thanks for your reply.
    Please follow this link to deal with this issue:
    http://support.microsoft.com/kb/2507767
    Please pay attention to method 3.

    PS. If you’ve created a service request, can you provide the SR number for me via private message, so that I can help you to check it.

    Thanks,
    Robert Li

    • Top 150 Contributor
    • Post Points: 0
  • Robert,

    Method 3 says:

    "Remove microsoftonline.com entries from the Trusted sites zone and from the Local Intranet zone in Internet Explorer."

    The only reason I have that in trusted sites is because we are told to do that to solve other access problems with 365!!

    It also says:

    "Note This method does not work for Scenario 1 of the "Symptoms" section"

    Scenario 1

    • When a user signs out of Office 365 portal or out of Outlook Web App, the user is not signed out of Microsoft SharePoint Online. 
    • When a user signs out of SharePoint Online, the user is not signed out of the Office 365 portal or out of Outlook Web App.
    So it's not really going to solve the problem.

    I'm left wondering what the purpose of the "Keep me signed in" and "remember me" check boxes is? I could understand it if they offered a choice about staying signed in as they suggest they do. But apparently they don't and you stay signed in anyway.

    I also wonder why MSFT feels the need to override a user's decision. If I don't check "keep me signed in" and take the trouble to click "sign out" I obviously want to sign out - why is that simple process interfered with? 

     

    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • Hi mchv2.0,

    Thanks for your post. The reason to remove "*.microsoftonline.com" from the trusted sites is that there is an option that can keep the user signed in to the website when they are ready to log out. You can take a look at the following picture.

     

    As for this case, I'd like you to update IE to the latest updates and try again.

    Thanks, Neo Zhu

     

    • Top 25 Contributor
    • Post Points: 0
  • Neo,

    I'm trying to keep this simple here:

    When I click "sign out", I want to be signed out so I can sign in with a different id. I don't want to make any changes to browser or other settings or have to update the browser as I can't expect users to comply with that. 

    This is the way the rest of the world works and maintaining a different set of rules for O365 with no resultant tangible benefit is never going to fly.

    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • Hi mchv2.0,

    Thanks for your reply.
    I understand that you don’t want to make any changes to deal with this. So, please post your feedback here: http://g.microsoftonline.com/0BX11EN/135. We very much appreciate your advice.

    Thanks,
    Robert Li

    • Top 150 Contributor
    • Post Points: 0
  • Sending feedback to people who seem to believe this is how things should work seems redundant.

    Another daft error message today when logging into SharePoint Designer with a different id:

    "Your computer isn't authorized to perform this action. Please contact an administrator." 

    Clicking cancel apparently authorizes me because when I do, I get logged in fine. I can't believe that would be considered "normal" if it were seen by the people at MSFT responsible for 365, but I'm beginning to wonder if they are actually aware of what happens in the real world. 

    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • Here's another one, after entering a 365 url in the browser:

    Error

    An unexpected error has occurred.

    Troubleshoot issues with Microsoft SharePoint Foundation.

    Correlation ID: 02373af7-617f-41ad-a841-55e9a2c164a2

    Date and Time: 6/6/2012 4:47:04 PM

     
    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • Jonis,

    I don't see anyone requesting this or saying how well it works  - all I see and hear are complaints about the confusion and frustration it causes. So if it's "by design", I'm afraid it's a bad design. Keeping it simple again:

    when you click "sign out", any tokens or cookies running should be overridden.

    That's what everyone I know expects and wants. They do not want O365 or their computer ignoring  their decisions or making decisions for them.   

    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • I should add that it doesn't even always work as you describe. I just logged out of an id and in with another id for a different account without any problem in the same browser window. Usually I get the errors mentioned. This inconsistency of experience is part of the problem which would easily be addressed by what I suggested above.
    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0
  • Another symptom of the broken authentication set up:

    When I'm logged in with one admin id and click "open with Explorer" in a doc library I get the erroneous error message:

    "you don't have permission to perform this action" 

    I open network places and navigate to the site and get the same result

    I open SharePoint Designer and it logs me in fine.

    I go back to the 365 account and am still logged in no problem.

    So the claims token or whatever it is recognizes I'm logged in. But it doesn't work. 

    What could possibly be a rational explanation for this? I'm so sick and tired of fighting with this every day - some days it works, some days it doesn't. I also read here every day other users having the same problems, yet the only response I see is "it works".

    When is it going to be fixed?

    webbrewers | Easy to use sites | Low/no cost hosting
    • Top 10 Contributor
    • Post Points: 0