Forum Discussion

rgordon_01's avatar
rgordon_01
Icon for Nimbostratus rankNimbostratus
Jun 01, 2016

IOS 9 Update Causing On-demand cert auth pop-up

Having an issue after updating ipads to IOS 9. The first time connecting to the VS /access policy the user is presented with a pop-up box - "link.com" requires a client certificate. Select the certificate to use when you connect to this website.-

 

User then selects the certificate that is displayed below and it proceeds to the login page. The pop-up does not come back again until you clear cache. The access policy is using the On-demand Cert Auth variable and it's set to "request". I've tried both request and require. The ipad that is still on IOS 8 does not have this issue. It automatically chooses the cert and continues with the access policy. When comparing the sessiondumps I noticed for IOS 9 on the original attempt this is missing- session.clientcert.ssl_agentnonce.

 

I'm trying to determine if this is an IOS issue and the app owner needs to resolve (because I have seen an issue similar to this in the past after an IOS upgrade) or if this is an f5 apm issue and there's an option or something that can be changed/configured.

 

IOS 9 sessiondump

 

6136ab09 10 SessionKey 6136ab09.session.access.profile 31 /Common/mobilesp_samp_policy_v2 6136ab09.session.client.activex 1 0 6136ab09.session.client.browscap_info 85 uimode=9&ctype=Safari&cversion=1&cjs=1&cactivex=0&cplugin=0&cplatform=iOS&cpu=unknown 6136ab09.session.client.cpu 7 unknown 6136ab09.session.client.js 1 1 6136ab09.session.client.platform 3 iOS 6136ab09.session.client.plugin 1 0 6136ab09.session.client.type 6 Safari 6136ab09.session.client.version 1 1 6136ab09.session.clientcert.ssl_rehandshake_pending 1 2 6136ab09.session.createdfrom 6 ACCESS 6136ab09.session.end 9 timed_out 6136ab09.session.ha_unit 32 c5f68c4bf82120ac4815eb39aa88f9d6 6136ab09.session.inactivity_timeout 5 28800 6136ab09.session.keydb.current 32 da8378793024e01bda6f264f6136ab09 6136ab09.session.keydb.final 32 da8378793024e01bda6f264f6136ab09 6136ab09.session.policy.result 11 not_started 6136ab09.session.server.landinguri 1 /

 

IOS 8 and any other attempt after original attempt on IOS 9

 

sessiondump 8ba1c6d4 8ba1c6d4 10 SessionKey 8ba1c6d4.saml./Common/mobilesp_samp_policy_v2_act_saml_auth_ag.SAMLRequest 5096 PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBBc3NlcnRpb25Db25zdW1lclNlcnZpY2VVUkw9Imh0dHBzOi8vbW9iaWxlc3AuZmFtaWx5ZG9sbGFyLmNvbS9zYW1sL3NwL3Byb2ZpbGUvcG9zdC9hY3MiIERlc3RpbmF0aW9uPSJodHRwczovL3N0b3Jlc3NvLmZhbWlseWRvbGxhci5jb20vc2FtbC9pZHAvcHJvZmlsZS9yZWRpcmVjdG9ycG9zdC9zc28iIElEPSJfY2ZiZjZmNDU4NGJmZjE2ZWZlNDhmY2M5NDY3ZjFjY2YzN2U5MzciIElzc3VlSW5zdGFudD0iMjAxNi0wNi0wMVQxNjowNDowOS4wMDJaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8vbW9iaWxlc3AuZmFtaWx5ZG9sbGFyLmNvbTwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlNpZ25lZEluZm8geG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPjxkczpSZWZlcmVuY2UgVVJJPSIjX2NmYmY2ZjQ1ODRiZmYxNmVmZTQ4ZmNjOTQ2N2YxY2NmMzdlOTM3Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj48ZWM6SW5jbHVzaXZlTmFtZXNwYWNlcyB4bWxuczplYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiBQcmVmaXhMaXN0PSJ4cyIvPjwvZHM6VHJhbnNmb3JtPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+Qm96SGZtKzlScDJidjNUSWR0U2YyUUpSaHk0PTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5OdURidDd5QmhzRmZISGNEd2ViblAzbTJSNXgwMjFHOEcrdXlmelFJN3Z2amN6a3czVE1tUVllN040aUUwNWppd0lOK1VlWVJuSVhaK2cybDBDRSs4Y0lacGhBb21oSHhFVDk4QjB1d3F3M2NlS29OUXI4UmFyWURZRmtTSzI0K2Fsc3ZWUnhkclhJeWNLSysranBEanlhY1ZZNmVvQzZmZ25Md2lTeU53OEMwTUd4dlhZQzNWQ000S1RXV3krdXI2Y3YzdCtqU0pLeWVoZkNmUUd3YStlM3RWRmw1djRlc3B2WmlQYjhtV3Z1a3JzOUhobG1GbXRSb1Zsd0txeUNTUG5ZbUQ4QURmbTZVdWVySWF2REJkS3FJQTJRdXIzdGpsb2Z0dUhFZGhIWUFTS0xpR2Z0MEM1NndqMXZ6SFlwSG9CNGQvc2Jwbkd2ZXo0TzFvYjFNMkE9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJRnFEQ0NCSkNnQXdJQkFnSVFEVitxdWdqb2hmN0w4dkExOW5DV05UQU5CZ2txaGtpRzl3MEJBUXNGQURCdwpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzCmQzY3VaR2xuYVdObGNuUXVZMjl0TVM4d0xRWURWUVFERXlaRWFXZHBRMlZ5ZENCVFNFRXlJRWhwWjJnZ1FYTnoKZFhKaGJtTmxJRk5sY25abGNpQkRRVEFlRncweE5UQTRNalV3TURBd01EQmFGdzB4T0RFeE1UUXhNakF3TURCYQpNSHN4Q3pBSkJnTlZCQVlUQWxWVE1SY3dGUVlEVlFRSUV3NU9iM0owYUNCRFlYSnZiR2x1WVRFUk1BOEdBMVVFCkJ4TUlUV0YwZEdobGQzTXhJekFoQmdOVkJBb1RHa1poYldsc2VTQkViMnhzWVhJZ1UzUnZjbVZ6TENCSmJtTXUKTVJzd0dRWURWUVFEREJJcUxtWmhiV2xzZVdSdmJHeGhjaTVqYjIwd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQpBNElCRHdBd2dnRUtBb0lCQVFDK0YxbGNLNVdLYlg5QUwwZTNWc21yYTBlQnNRRkZKck5xeUZCZDA3MzIrS1FtCnVOeHZRQ3JFT0JYSFl5S01qT1E2ZUtsWWh1SzZvVDJOTEtTK2dhUCs0MnRSV2tSV2l5eitJRGx5S3A3MFhRM1EKckQ0UzRCUXo5bFhCamF1UXpXMk45c0RNZDhaTytpa0JCQjNrUmNiVklzWHJyQnYxMStxQnY4aHk2dFh0ODB0SQpxVjRmbGJXQjhzalVqY0Y0cW1LdE0weEYvY0dFVWtVWG1MM2EyUVN5VGphNi96M05kRUNLZGxqWGkwVkp5QmhEClJ0dkhrMmp1aEN2RHhzTERnWDNBZTB2SExnVWVXR3haazcyWXRwSGxnblQvbnFYcFpDY1Jzc3JvUTZ6ckhCL2wKR1BHa0ZqTXQzMnlIVllLemZaSTRMQmc2cHlxcmdmeFdGdHZSbTNZNUFnTUJBQUdqZ2dJeE1JSUNMVEFmQmdOVgpIU01FR0RBV2dCUlJhUCtRcndJSGRUek0yV1ZrWXFJU3VGbHlPekFkQmdOVkhRNEVGZ1FVQ1k1R29GZGNFRmNGClZsWUJSb00xZm1tK1N5RXdiUVlEVlIwUkJHWXdaSUlTS2k1bVlXMXBiSGxrYjJ4c1lYSXVZMjl0Z2hCbVlXMXAKYkhsa2IyeHNZWEl1WTI5dGdoMWxhblpwWlhkbGNuUmxjM1F1Wm1GdGFXeDVaRzlzYkdGeUxtTnZiWUlkWldwMgphV1YzWlhKd2NtOWtMbVpoYldsc2VXUnZiR3hoY2k1amIyMHdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkCkpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpCMUJnTlZIUjhFYmpCc01EU2dNcUF3aGk1b2RIUncKT2k4dlkzSnNNeTVrYVdkcFkyVnlkQzVqYjIwdmMyaGhNaTFvWVMxelpYSjJaWEl0WnpRdVkzSnNNRFNnTXFBdwpoaTVvZEhSd09pOHZZM0pzTkM1a2FXZHBZMlZ5ZEM1amIyMHZjMmhoTWkxb1lTMXpaWEoyWlhJdFp6UXVZM0pzCk1FSUdBMVVkSUFRN01Ea3dOd1lKWUlaSUFZYjliQUVCTUNvd0tBWUlLd1lCQlFVSEFnRVdIR2gwZEhCek9pOHYKZDNkM0xtUnBaMmxqWlhKMExtTnZiUzlEVUZNd2dZTUdDQ3NHQVFVRkJ3RUJCSGN3ZFRBa0JnZ3JCZ0VGQlFjdwpBWVlZYUhSMGNEb3ZMMjlqYzNBdVpHbG5hV05sY25RdVkyOXRNRTBHQ0NzR0FRVUZCekFDaGtGb2RIUndPaTh2ClkyRmpaWEowY3k1a2FXZHBZMlZ5ZEM1amIyMHZSR2xuYVVObGNuUlRTRUV5U0dsbmFFRnpjM1Z5WVc1alpWTmwKY25abGNrTkJMbU55ZERBTUJnTlZIUk1CQWY4RUFqQUFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNpSDI4dQplUGNLZG1tRjZiK2lJdVNac0dOSS91b3NkUmw3bUR5dXMweGJiN3V5SGZ2SVkwUTdrK3hJRmtvR2QyRVZJYnFNCjkrV0RQbXpZaVlkZEMzUlN5T2JRTS9WaTEwbmp0MUV2WXpYTC9mbHB2QTU1L0pMNmEwWHpwdXBlMEQ1RVY2dWIKU1hHckNOaUZXRXRXdEl4RDJPM3RDcXlha3B1U0VHU0FFV0hCUW0za1BmTEpybzN2OFRFMHpTL25yT0pOL2swMQp1L1dtWnlvZmZyWGxFQU05dkI3THNMZCs2Tm5VTGE5ZjQ0T2ZEWFpUZ1ZMdnQ4czhjNFd6Skp5U1BhS3pwZ3llCnRVT0xNZVFxblovbllQQWRiVEVxOStzdlNLUmk1VFBzVlluY003eWRUbmZPRjR2Y2s0VUpZek42ZFhQUEhKTXYKM0NpeW5VeXFsSXpIRFZ3awo8L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6TmFtZUlEUG9saWN5IEFsbG93Q3JlYXRlPSJ0cnVlIi8+PC9zYW1scDpBdXRoblJlcXVlc3Q+ 8ba1c6d4.session.access.profile 31 /Common/mobilesp_samp_policy_v2 8ba1c6d4.session.client.activex 1 0 8ba1c6d4.session.client.browscap_info 85 uimode=9&ctype=Safari&cversion=1&cjs=1&cactivex=0&cplugin=0&cplatform=iOS&cpu=unknown 8ba1c6d4.session.client.cpu 7 unknown 8ba1c6d4.session.client.js 1 1 8ba1c6d4.session.client.platform 3 iOS 8ba1c6d4.session.client.plugin 1 0 8ba1c6d4.session.client.type 6 Safari 8ba1c6d4.session.client.version 1 1 8ba1c6d4.session.clientcert.ssl_agentnonce 16 0qJabcTnGCAMPrIB 8ba1c6d4.session.clientcert.ssl_rehandshake_pending 1 0 8ba1c6d4.session.createdfrom 6 ACCESS 8ba1c6d4.session.end 9 timed_out 8ba1c6d4.session.ha_unit 32 c5f68c4bf82120ac4815eb39aa88f9d6 8ba1c6d4.session.inactivity_timeout 5 28800 8ba1c6d4.session.keydb.current 32 50c52453796757e86dd7f8168ba1c6d4 8ba1c6d4.session.keydb.final 32 50c52453796757e86dd7f8168ba1c6d4 8ba1c6d4.session.ocsp./Common/mobile_client_check_act_ocsp_auth_ag_1.result 1 1 8ba1c6d4.session.ocsp.last.result 1 1 8ba1c6d4.session.policy.result 11 not_started

 

APM
security