Forum Discussion
AltocumulusIphone error using APM SAML
AltocumulusHi lcp,
I don't know if anything is different in iOS 12. I've come to discover that all MS native apps for smart devices behave differently than the web based apps.
Most recently I came across this: MS-Teams, when accessed through a browser it worked fine. But if I install the Teams app, it did not. This occurred across devices and it didn't matter if I used a Surface, iPhone, Android, whatever. If I accessed via a browser, all was good. If I used the app, it failed. I think it might be that the native apps only use WS-Fed, not SAML. I don't know how to work around that, I don't even run AD-FS. What I did is change to pass through authentication (PTA) (https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta).
Now all my clients work! I no longer use APM as an ID provider.
Maybe someone has experience with WS-Fed integration with APM? I'd be interested to see if APM could still be used without the need for AD-FS to handle WS-Fed. My gut tells me that clever APM users might sniff out the WS-Fed URL and forward it to AD-FS. My original design goal was to avoid AD-FS altogether. PTA does meet that goal, so for now I'm sticking with it.
When you find your solution, update this post.
Cheers, Mike
