iPhone error using APM SAML
Greetings all,
I’ve federated with Office 365; I used an iApp to accomplish it. It works as expected for internal and external clients, except for iPhones (current version of iOS).
The iApp was modified to allow for Kerberos SSO internally. Externally it uses HTTP basic.
I opened a case with F5 support and we did some packet captures to see what the clients were posting to the SAML IdP. With an Android, the pcap looks like this:
The above pcap includes an Authorization header. The iPhone request is different, and does not include that header:
According to F5 Support, since the Authorization header is missing from the POST on the iPhone, the APM throws a redirect and the client barfs on that. The fallout of that is that the client displays an invalid nonce error like this:
F5 Support believes this is a bug in iOS; I guess that wouldn’t be the first time! Has anyone come across this issue using the APM as an IdP for Office 365 as the SP and iPhone clients?
Thanks for any suggestions you have. Cheers, Mike