Clicking on links from MS Office opens 2 browser tabs when SAML SSO is enabled

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Cloud, Server, and Data Center - This article applies equally to all platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

When embedding a hyperlink to a Confluence page in Microsoft Office and clicking on it, 2 browser tabs are opened:

  • 1 with the intended page
  • 1 with a SAML login failure message

Diagnosis

The steps to reproduce this issue are:

  • Open MS Word, PowerPoint, etc

  • Copy the URL of a Confluence page 
  • Paste this in the Office document
  • Navigate to this link from the Office document by clicking on it or by holding down Ctrl + clicking on the link
  • 2 browser tabs will open instead of the expected 1 tab

Cause

Microsoft has identified this issue and provides an explanation in their article You are redirected to a logon page or an error page, or you are prompted for authentication information when you click a hyperlink to a SSO Web site in an Office document

Office lets you edit and author documents on a Web site if the server supports Web authoring and collaboration. First, Office tries to communicate with the Web server. Then Office tries to directly bind to the resource by using the Microsoft Hyperlink Library (Hlink.dll) and the URLMON API.

When Office sends the Web page request, you may be redirected to the Web site logon page for the SSO system. This behavior occurs because the Office session is independent of the Web browser session in which you may have already provided user credentials.

Because the sessions are independent, session cookies are not shared. If the SSO system exclusively relies on session cookie information, the SSO system may not appear to work because the same user moves from more than one session. This behavior is a fundamental design limitation of an SSO system when the SSO system is not designed to support SSO authentication across more than one browser or Web-aware application on the client desktop. 

Workaround

Please reference Microsoft's article for resolution steps: Error message when clicking hyperlink in Office: "Cannot locate the Internet server or proxy server"

Adding the Internet Subkey to the Registry and Setting the Value Data

To work around this issue, either add the ForceShellExecute subkey, if it is not present, and set the Value data, or if it is present, set the Valuedata of the ForceShellExecute subkey.

  1. Quit any programs that are running.
  2. select Start, and then select Run. Type regedit in the Open box, and then select OK.
  3. In Registry Editor, browse to one of the following subkey (create the keys when they do not exist):
    • For a 32 Bit version of Office on 64 bit version of Windows
      • HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\9.0\Common\Internet\
    • For a 32 Bit version of Office on 32 bit version of Windows
      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\9.0\Common\Internet\
    • For a 64 Bit version of Office on 64 bit version of Windows
      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\9.0\Common\Internet\
  4. Make sure the Internet subkey is selected. On the Edit menu, point to New, and then select DWORD Value. Add the following registry value:
    • Value Name: ForceShellExecute
  5. Double-click ForceShellExecute, and then set the Value data to 1. Select OK.
  6. On the Registry menu, select Exit.


DescriptionClicking on links from MS Office opens 2 browser tabs when SAML SSO is enabled
ProductConfluence

Last modified on Mar 21, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.