Hi lcp,
I don't know if anything is different in iOS 12. I've come to discover that all MS native apps for smart devices behave differently than the web-based apps.
Most recently I came across this: MS Teams, when accessed through a browser, worked fine. But if I installed the Teams app, it did not. This occurred across devices, and it didn't matter if I used a Surface, iPhone, Android, whatever. If I accessed via a browser, all was good. If I used the app, it failed. I think it might be that the native apps only use WS-Fed, not SAML. I don't know how to work around that; I don't even run AD-FS. What I did is change to pass-through authentication (PTA) (https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta).
Now all my clients work! I no longer use APM as an ID provider.
Maybe someone has experience with WS-Fed integration with APM? I'd be interested to see if APM could still be used without the need for AD-FS to handle WS-Fed. My gut tells me that clever APM users might sniff out the WS-Fed URL and forward it to AD-FS. My original design goal was to avoid AD-FS altogether. PTA does meet that goal, so for now I'm sticking with it.
When you find your solution, update this post.