Mac client cannot authenticate o365 with ADFS 4.0

All replies

  • Verify the following

    • The DNS record for the federation service does not resolve to the WAP internally
    • The user-agent of the specific version of the browser in question is correct
    • Ensure Windows Authentication is an enabled Authentication Policy
    • Your Mac devices have a ticket in the kerbtray to apply
    • Safari is configured for Integrated Windows Authentication

    Speaking from my own experience, Safari is the most prone to breaking with IWA, because sneaky updates can break it. The UA is subject to change and may need to be updated in your farm. Chrome has the most solid configuration for IWA support on Mac devices.

    Eventually we rolled out NoMAD for our Mac devices and it seemed to smooth out any Kerberos issues we had. On paper, Safari + IWA is "supported natively" by virtue of supporting SPNEGO, but it still had its share of issues in our environment.





    • Edited by NexusAdmin Friday, May 31, 2019 3:05 AM
    Friday, May 31, 2019 2:46 AM
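
The farm-side items in the checklist above (internal DNS, the Windows Authentication policy, and the browser user agent) can be checked from an AD FS server. This is an added example, not part of the original reply. The host name, WAP address and Safari user-agent string are constructed placeholders, and the script assumes AD FS matches each `WIASupportedUserAgents` entry as a substring of the client's User-Agent header.

```powershell
# Added example: run in an elevated PowerShell session on an AD FS server.
# Constructed placeholders, replace with your own values:
$FederationHost = 'sts.example.com'    # federation service name
$WapAddresses   = @('192.0.2.10')      # addresses of the WAP / external VIP
$ClientUA       = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) ' +
                  'AppleWebKit/605.1.15 (KHTML, like Gecko) ' +
                  'Version/12.1.1 Safari/605.1.15'

# 1. Internal DNS must point at the AD FS farm, not at the WAP.
$resolved = Resolve-DnsName -Name $FederationHost -Type A -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
$dnsHitsWap = @($resolved | Where-Object { $WapAddresses -contains $_ })
if ($dnsHitsWap.Count -gt 0) {
    Write-Warning "$FederationHost resolves to the WAP internally: $($dnsHitsWap -join ', ')"
}

# 2. Windows Authentication must be an enabled intranet primary method.
$policy = Get-AdfsGlobalAuthenticationPolicy
$wiaEnabled = $policy.PrimaryIntranetAuthenticationProvider -contains 'WindowsAuthentication'
if (-not $wiaEnabled) {
    Write-Warning 'WindowsAuthentication is not in PrimaryIntranetAuthenticationProvider.'
}

# 3. The browser's user agent must match an entry in WIASupportedUserAgents.
#    Assumption: substring match; compared case-sensitively here to be conservative.
$agents  = @((Get-AdfsProperties).WIASupportedUserAgents)
$matched = @($agents | Where-Object { $_ -and $ClientUA.Contains($_) })
if ($matched.Count -eq 0) {
    Write-Warning 'No WIASupportedUserAgents entry matches this user agent.'
    # With no match, AD FS does not offer WIA to this browser; whether it falls
    # back to forms authentication depends on this setting:
    Write-Warning "WindowsIntegratedFallbackEnabled = $($policy.WindowsIntegratedFallbackEnabled)"
    # To add a token after review (this changes the farm-wide list):
    #   Set-AdfsProperties -WIASupportedUserAgents ($agents + '<token from the UA>')
}

# Summary object for logging or comparison after a browser update.
[pscustomobject]@{
    FederationHost    = $FederationHost
    ResolvedAddresses = $resolved -join ', '
    ResolvesToWap     = $dnsHitsWap.Count -gt 0
    WiaPolicyEnabled  = $wiaEnabled
    MatchingUaEntries = $matched -join ', '
}
```

The remaining two items are client-side: on the Mac, `klist` in Terminal shows whether the user currently holds a Kerberos ticket.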