Posted on 02-22-2022 08:58 AM
Hi,
I've been back and forth with support for over a week trying to get Jamf Connect to issue a user certificate upon connection. I've got a User Certificate Configuration profile in Jamf that I can request certificates through Self Service with no issues. But for some reason, Jamf Connect just can't handle the request. Our CA admin can't even see any failed requests from any of my test machines trying to request certs.
Kerberos appears to be working, as I'm able to generate new tickets with a good connection to Jamf Connect, and SSO works with all of our SSO-secured sites.
In the Jamf Connect logs, when a connection is made, I'm receiving the following:
I'll be the first to tell you that I think certificates are magic, so I don't fully understand them. And I'm not sure what "Certificate doesn't match current user principal" means.
We're authenticating through Okta to get our Kerberos tickets. In the Jamf Connect logs I can see that Kerberos Auth Succeeded and it pulls down my AD user record.
The only discrepancy that I'm seeing is that in the JC logs it shows my principal as Username@domain.root.loc, and when I generate a cert using a Jamf configuration profile the NT principal is my email address (which is different than Username@domain.root.loc).
Has anyone had experience with this?
Posted on 10-12-2022 06:20 AM
Loveless, were you able to find a solution for this issue?
Posted on 11-11-2022 12:15 PM
Also wondering if you were able to resolve this?
Posted on 09-01-2023 12:03 PM
I have the same problem, getting: Certificate doesn't match current user principal.
Nobody with an idea for this?
Posted on 05-10-2024 11:07 AM
This thread's a little old now, but I just wanted to post a comment so I'll be notified of any updates. I'm testing out Jamf Connect and am attempting to get it to issue a cert as well, with no luck. I can't even tell if it's trying. The process seems to be a black box with no easy way to tell why it's not working or if it's even trying to grab a cert.
If anyone has been able to get this to work, I'd love to know how.