Skip to content

/plugin install fails on SSO-protected (EMU) repositories due to unauthenticated URL redirect resolution #2437

Open
Open
/plugin install fails on SSO-protected (EMU) repositories due to unauthenticated URL redirect resolution#2437
Labels
triage
@ronniegeraghty

Description

@ronniegeraghty
ronniegeraghty
opened on Mar 31, 2026

Description

The /plugin install command fails when installing plugins from GitHub repositories that are protected by SAML SSO (e.g., Enterprise Managed User orgs).

Steps to reproduce

  1. Have a GitHub EMU account with access to an internal/SSO-protected org (e.g., coreai-microsoft)
  2. Confirm git clone works directly: 
    git clone https://github.com/coreai-microsoft/devex-reviews
# succeeds
  3. In Copilot CLI, run: 
    /plugin install https://github.com/coreai-microsoft/devex-reviews
  4. Installation fails.

Root cause (from logs)

The plugin install code resolves the URL via an unauthenticated HTTP request before cloning. For SSO-protected repos, GitHub redirects unauthenticated requests to the enterprise SSO page:

Resolved redirect: https://github.com/coreai-microsoft/devex-reviews
  -> https://github.com/enterprises/microsoft/sso?return_to=https%3A%2F%2Fgithub.9909958.xyz%2Fcoreai-microsoft%2Fdevex-reviews

The plugin code then passes this SSO redirect URL to git clone, which fails:

fatal: https://github.com/enterprises/microsoft/sso?return_to=.../info/refs not valid: is this a git repository?

Expected behavior

/plugin install <url> should work for any repo that the user's git credentials can access. The URL redirect resolution step should either:

  1. Skip HTTP redirect resolution and pass the original URL directly to git clone (which handles auth via Git Credential Manager), or
  2. Use authenticated requests (e.g., via GITHUB_TOKEN env var or gh auth token) when resolving redirects, or
  3. Fall back to the original URL when the redirect target is not a valid git repository

Current workaround

Clone the repo locally first, then install from the local path:

git clone https://github.com/coreai-microsoft/devex-reviews C:\path\to\local-clone
# then in Copilot CLI:
/plugin install C:\path\to\local-clone

Environment

  • Copilot CLI version: 1.0.15-0
  • OS: Windows 11
  • Git Credential Manager with multiple GitHub accounts (public + EMU)
  • GITHUB_TOKEN was set to the EMU token - did not help (the HTTP redirect resolution doesn't use it)

Metadata

Metadata

Assignees

No one assigned

    Labels

    triage

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions