Scribd
Upload
57 views12 pages

Fix L I Swift

Uploaded by

Bùi Thanh Bình
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
57 views12 pages

Fix L I Swift

Uploaded by

Bùi Thanh Bình
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

12/12/24, 3:21 PM Knowledge Centre

Swift WebAccess GUI users unable to


login to WebAccess services using HSM-
based certificates - "No token or login
detected" error or prompted for swift.com
Updated

ID Last Product & Change Found Fixed


5026313 update release request in in
22 SWIFT APISNI- - -
November WebAccess 6494
2024

Swift WebAccess GUI users unable to login to WebAccess services


using HSM-based certificates - "No token or login detected" error or
prompted for swift.com

Description
After logging into the WebAccess GUI and browsing to a
WebAccess service, users with an HSM-based certificate may see
a "No token or login detected" error or are redirected to sign in with
their swift.com credentials.
This error may occur when using Google Chrome 115 or higher,
Microsoft Edge 115 or higher, or Mozilla Firefox.

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 1/12
12/12/24, 3:21 PM Knowledge Centre

Not all WebAccess GUI users with an HSM-based certificate are


affected.

Note 1: Users with a personal token-based certificate can see the


"No token or login detected" error for a different reason.
If you use a personal token-based certificate and encounter the
"No token or login detected" error, refer to KB article 5023817.

Note 2: Users that did not import the certificate of their Web
Platform in their web browser will also get this error. In that case
they will also notice that there is a certificate error next to the URL
of their Web Platform.
If you have a certificate error in the Web Platform tab, refer to
KB article 5022893 to correct the certificate error, then apply the
steps in this article.

Symptoms
After logging into the WebAccess GUI and clicking the link to your
service, such as O2M or the RMA Portal, you are redirected to the
URL https://idp.swiftnet.sipn.swift.com/idp/appletsignon?
sconn=false with the following error message on the screen: "No
token or login detected. Please login to WebAccess GUI or install
the token software on your PC."

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 2/12
12/12/24, 3:21 PM Knowledge Centre

Users trying to access the Swift GPI service (swift.tracker or


swift.tracker!p), will not see the same "No token or login detected"
error. Instead, users are redirected to sign in with their swift.com
credentials.

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 3/12
12/12/24, 3:21 PM Knowledge Centre

Information
Google Chrome, Microsoft Edge, and Mozilla Firefox rolled out a
feature enabling the partitioning of third-party storage.
Chrome and Edge version 115 to 118, this feature may be
enabled for some users, depending on browser variations.
For more information see
https://developer.chrome.com/docs/web-platform/chrome-
variations/.
Chrome and Edge, as of version 119, this feature is enabled for
all users by default.
https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 4/12
12/12/24, 3:21 PM Knowledge Centre

Firefox, this feature is tied to the user's browser privacy settings.

Swift WebAccess GUI users must allow third-party storage access


between the SwiftNet Identity Provider (IdP) and the Alliance Web
Platform. When third-party storage partitioning is enabled, an
exception must be added to disable third-party storage partitioning
for the origin of your Alliance Web Platform.
When using the Chrome or Edge browser, inspecting the Local
Storage for Swift IdP under the Application tab in the browser
Developer Tools console, the presence of the Origin, Top-level site
and Is third-party fields are indicative that third-party storage
partitioning is enabled.

Note - the Swift IdP URL for Production is


https://idp.swiftnet.sipn.swift.com

Solution
Add your Web Platform to a list of exception for which third-party
storage partitioning is not enabled.

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 5/12
12/12/24, 3:21 PM Knowledge Centre

This configuration must be performed on the client computer or


deployed by GPO.
Chrome and Edge:
Liaise with your IT administrator to setup the
ThirdPartyStoragePartitioningBlockedForOrigins GPO or to create
the following Registry Key, on each workstation, depending on your
browser:
Chrome:
Software\Policies\Google\Chrome\ThirdPartyStoragePartitioningB
Edge:
Software\Policies\Microsoft\Edge\ThirdPartyStoragePartitioningB

Create a new String Value for the URL (shown in the tab's address
bar) of the WebAccess GUI hosted on Alliance Web Platform:
Example 1: when the domain is not present in the URL
URL used to connect to the WebAccess GUI is:
https://myserver001/swp/group/webaccess/
String Value = myserver001

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 6/12
12/12/24, 3:21 PM Knowledge Centre

Example 2: when the domain is present in the URL


URL used to connect to the WebAccess GUI:
https://myserver001.example.com/swp/group/webaccess/
To allow a single host the String Value =
myserver001.example.com
To allow your domain the String Value = [*.]example.com

For more information, see the following articles:


https://chromeenterprise.google/policies/#DefaultThirdPartyStora
https://chromeenterprise.google/policies/#ThirdPartyStoragePart

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 7/12
12/12/24, 3:21 PM Knowledge Centre

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-
policies#defaultthirdpartystoragepartitioningsetting
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-
policies#thirdpartystoragepartitioningblockedfororigins
https://developer.chrome.com/docs/web-platform/chrome-
variations/

Firefox:
Total Cookie Protection, built into Enhanced Tracking Protection in
Firefox, partitions third-party storage by default unless an exception
is added in the browser's Privacy & Security settings.
1. Enhanced Tracking Protection:

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 8/12
12/12/24, 3:21 PM Knowledge Centre

When the URL used to connect to the WebAccess GUI is:


https://myserver001/swp/group/webaccess/
Enter: https://myserver 001

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 9/12
12/12/24, 3:21 PM Knowledge Centre

When the domain is present in the URL used to connect to the


WebAccess GUI:
https://myserver001.example.com/swp/group/webaccess/
Enter the address including the domain:
https://myserver.example.com

2. Cookies and Site Data (on the same page below Enhanced
Tracking Protection):

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 10/12
12/12/24, 3:21 PM Knowledge Centre

For more information, see the following articles:


Total Cookie Protection and website breakage FAQ | Firefox
Help (mozilla.org)
Privacy on the web - State Partitioning - Storage Access
Heuristics (mozilla.org)

Non-Recommended Methods
Chrome and Edge:
https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 11/12
12/12/24, 3:21 PM Knowledge Centre

Specific policies (DefaultThirdPartyStoragePartitioningSetting) or


flags (chrome://flags/#third-party-storage-partitioning or
edge://flags/#third-party-storage-partitioning) are available to
prevent third-party storage partitioning from being enabled, or to
turn off third-party storage partitioning. Swift does NOT recommend
using these settings, as they will affect all domains. Furthermore,
these settings will be deprecated as of Chrome and Edge version
129, to be released in September 2024.
Chromium Release Schedule
The recommended solution is to setup an exception for the Web
Platform using the ThirdPartyStoragePartitioningBlockedForOrigins
policy or add a registry key at each user's workstation, as described
in the section above. This must be done before installing Chrome or
Edge 129.
Firefox:
Third-party storage partitioning for all websites can be disabled
directly in the browser by changing the value of the preference
network.cookie.cookieBehavior (under about:config) to 4, or by
lowering the Firefox browser privacy Settings. Swift does NOT
recommend manually altering this setting as it will affect all
domains.
The recommended solution is to add an exception for your Web
Platform as described in the section above.
Swift is investigating this behaviour. We will update this article when
more information becomes available.

https://www2.swift.com/knowledgecentre/kb_articles/5026313?protected=true&reload-date=1733990961016 12/12

You might also like