SSO & Safari Issue upon sign-in on Replicon Mobile App

  • 8
  • Problem
  • Updated 2 years ago
  • Acknowledged

DDR Corp utilizes Single Sign-on for login purposes to our Replicon site and most recently we began experiencing issues with users logging into the Replicon Mobile App via the iOS (Apple) devices.  It has been discovered and acknowledged by the Replicon team that there is an issue with the way Safari and ADFS are working together and we need to get this escalated to Apple in order to get this rectified.

Specific Example:  The user logs into the app, and is forwarded to our SSO page within the safari browser. The user then logs into the SSO page, and instead of the application launching, they receive an error, but pressing the back button reloads the page, and the app launches.  It is believed that the user is getting a SSO token, but the safari browser isn’t forwarding it back to the app.

Please advise when we may expect resolution as this is a constant issue for our users and consuming much of our internal teams time.

Thank you.

Photo of Tracy Smalley

Tracy Smalley

  • 21 Posts
  • 3 Reply Likes

Posted 2 years ago

  • 8
Photo of Aashnee Kamboj

Aashnee Kamboj, Community Moderator

  • 1560 Posts
  • 108 Reply Likes
Hi Tracy,

Thank you for using the Replicon Community!

We regret the inconvenience caused. We will have our Product Management team work through this and will update you with the progress.

Thanks,
Aashnee
Photo of Vinesha Perera

Vinesha Perera, Product Manager

  • 41 Posts
  • 6 Reply Likes
Hi Carlos,

Thanks for the reply.

I have emailed you the App ID.

Thanks,
Vinesha
Photo of Carlos Soto

Carlos Soto

  • 3 Posts
  • 2 Reply Likes
Thank you Vinesha.  Looks like the APP ID referred to in the solution is actualy the GUID of the app.  Do you have that value?
Photo of Vinesha Perera

Vinesha Perera, Product Manager

  • 41 Posts
  • 6 Reply Likes
Hi Carlos,

I will check with engineering and get back to you.

Thanks,
Vinesha
Photo of Aashnee Kamboj

Aashnee Kamboj, Community Moderator

  • 1560 Posts
  • 108 Reply Likes
Hi Carlos,

Our team is in process of testing the GUID method on one of our test environments. We will confirm the resolution of the issue in case of the testing yields expected results. I will keep the thread updated.

Thanks,
Aashnee Kamboj
Photo of Sayantan Choudhury

Sayantan Choudhury, Tier 3 Cloud Operations Engineer

  • 7 Posts
  • 1 Reply Like
Hi Carlos,

We tested the steps as per "https://discussions.apple.com/thread/6612300?start=0&tstart=0" and our findings are as follows:

We first looked into the steps for setting the APP ID. This is not looking for the APP ID for our Apple App but is looking for the IIS APP ID which is used to run the IDP website. Upon checking the SSL Cert bindings for our test environment, where the issue is replicable, we found that the APP ID for IIS is already set against the SSL Cert we are using.

We then looked into the steps for the user-agent. This is not related to our setup because we don't do in-app-browser auth but we send the auth request to Safari which has a well-known user-agent.

Finally, we checked for the explanation given where a developer has created his own code to deal with a situation where Safari is not able to handle cookies where the size is more than 4K. But again this is not the issue because when we tap the back button on the failed browser message, the authentication passes with the same cookie size.

Thank you,

Sayantan Choudhury
(Edited)
Photo of Meyer, William

Meyer, William

  • 1 Post
  • 1 Reply Like
This reply was created from a merged topic originally titled SSO & Safari Issue with sign-in on Replicon Mobile App.

Step
Energy Services uses Single Sign-on for login purposes to our Replicon
site and we are laughing this to 500 users within the next few weeks but for the last few months we began experiencing issues with users logging into the Replicon
Mobile App via the iOS (Apple) devices.  It has been discovered and
acknowledged by the Replicon team that there is an issue with the way Safari
and ADFS are working together and Replicon is escalating this to Apple in
order to get this rectified.

The user
logs into the app, and is forwarded to our SSO page within the safari browser.
The user then logs into the SSO page, and instead of the application launching,
they receive an error, This will jeopardize the Roll-out of this product at
Step Energy. Please get this resolved as soon as possible.