Forum Discussion
Gavin_Connell-O
Nimbostratus
NimbostratusClient side Kerberos problem with Mac OSX 10.9 and Safari 7.0.2
Hi all,
I've got a working client side SSO access policy in APM providing access to an internal intranet. It works perfectly with Windows clients (with the right browser config) and I can get it...
Gavin_Connell-ONimbostratus
NimbostratusHere's the APM log of a working connection using Windows and Internet Explorer. Have a look at the two lines at the end in bold.
./AccessPolicyProcessor/Session.h func: "setSessionInactive()" line: 852 Msg: a13f9d67: done with request processing
is followed by
AccessPolicyD.cpp func: "process_request()" line: 710 Msg: Received Session Id: "a13f9d67"
but in the Mac session, the next line is
7ba89460: Session deleted due to user logout request.
and the user gets a log out APM page saying, "Your session could not be established. Invalid Session ID. The session may have expired"
Is the APM session ID getting dropped somehow? Before the kerberos agent can process?
Aug 5 14:56:19 slot1/ProdSAML1 notice tmm1[11234]: 01490506:5: a13f9d67: Received User-Agent header: Mozilla%2f5.0%20(Windows%20NT%206.1%3b%20WOW64)%20AppleWebKit%2f537.36%20(KHTML%2c%20like%20Gecko)%20Chrome%2f36.0.1985.125%20Safari%2f537.36.
Aug 5 14:56:19 slot1/ProdSAML1 notice tmm1[11234]: 01490544:5: a13f9d67: Received client info - Type: Mozilla Version: 5 Platform: Win7 CPU: unknown UI Mode: Full Javascript Support: 1 ActiveX Support: 0 Plugin Support: 1
Aug 5 14:56:19 slot1/ProdSAML1 notice tmm1[11234]: 01490500:5: a13f9d67: New session from client IP 130.195.246.55 (ST=Wellington/CC=NZ/C=OC) at VIP 130.195.2.22 Listener /Common/staff-o365-sso-vs (Reputation=Unknown)
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: HTTPParser.cpp func: "readFromSocket()" line: 74 Msg: Header received: GET /my.policy HTTP/1.1 client-session-id: 47985462004dd7a5a0564d20a13f9d67 session-key: f796bf4ea09794c31c3419c7a13f9d67 profile-id: /Common/Office365-SSO session-id: a13f9d67 snapshot-id: 17872035831f42_29ooooooooooooooo cmp-pu: 1
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: AccessPolicyD.cpp func: "process_request()" line: 710 Msg: Received Session Id: "a13f9d67"
Aug 5 14:56:19 slot1/ProdSAML1 info apd[8333]: 01490006:6: a13f9d67: Following rule 'fallback' from item 'Start' to item 'IP Subnet Check'
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: ./AccessPolicyProcessor/Session.h func: "getSessionVar()" line: 303 Msg: variable "session.user.clientip" was not found in the local cache for session "a13f9d67"
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: memcache.c func: "mc_convert_session_var_to_mc_key()" line: 1160 Msg: Converted Var: session.user.clientip to Session Var tmm.session.a13f9d67.session.user.clientip
Aug 5 14:56:19 slot1/ProdSAML1 info apd[8333]: 01490006:6: a13f9d67: Following rule 'VUW Subnet' from item 'IP Subnet Check' to item 'Client OS'
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: ./AccessPolicyProcessor/Session.h func: "getSessionVar()" line: 303 Msg: variable "session.client.platform" was not found in the local cache for session "a13f9d67"
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: memcache.c func: "mc_convert_session_var_to_mc_key()" line: 1160 Msg: Converted Var: session.client.platform to Session Var tmm.session.a13f9d67.session.client.platform
Aug 5 14:56:19 slot1/ProdSAML1 info apd[8333]: 01490006:6: a13f9d67: Following rule 'Kerberized OS' from item 'Client OS' to item 'HTTP 401 Response'
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490011:7: a13f9d67: Logon agent: ENTER Function executeInstance Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490012:7: a13f9d67: Logon agent: LEAVE Function executeInstance
Aug 5 14:56:19 slot1/ProdSAML1 info apd[8333]: 01490004:6: a13f9d67: Executed agent '/Common/Office365-SSO_act_HTTP_401_Response_ag', return value 3
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: memcache.c func: "mc_convert_session_var_to_mc_key()" line: 1160 Msg: Converted Var: session.apd.id to Session Var tmm.session.a13f9d67.session.apd.id Aug 5 14:56:19 slot1/ProdSAML1 info apd[8333]: 01490007:6: a13f9d67: Session variable 'session.apd.id' set to '1'
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: memcache.c func: "mc_convert_session_var_to_mc_key()" line: 1160 Msg: Converted Var: session.basicrealm to Session Var tmm.session.a13f9d67.session.basicrealm Aug 5 14:56:19 slot1/ProdSAML1 info apd[8333]: 01490007:6: a13f9d67: Session variable 'session.basicrealm' set to 'staff.vuw.ac.nz'
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: memcache.c func: "mc_convert_session_var_to_mc_key()" line: 1160 Msg: Converted Var: session.logon.page.customization.group to Session Var tmm.session.a13f9d67.session.logon.page.customization.group
Aug 5 14:56:19 slot1/ProdSAML1 info apd[8333]: 01490007:6: a13f9d67: Session variable 'session.logon.page.customization.group' set to '/Common/Office365-SSO_act_HTTP_401_Response_ag'
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: ./AccessPolicyProcessor/Session.h func: "setSessionInactive()" line: 852 Msg: a13f9d67: done with request processing
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490000:7: AccessPolicyD.cpp func: "process_request()" line: 710 Msg: Received Session Id: "a13f9d67"
Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490011:7: a13f9d67: Logon agent: ENTER Function executeInstance Aug 5 14:56:19 slot1/ProdSAML1 debug apd[8333]: 01490012:7: a13f9d67: Logon agent: LEAVE Function executeInstance