Jamf Nation Community

Yep same issue with me and I was meant to demo this to a senior colleague tomorrow lol

We at Jamf acknowledge this issue. We sincerely apologize for any inconvenience this has caused. Recently, Microsoft updated its sign-in page for Azure applications. We use this same page for authentication between Jamf Connect and Azure.  Due to this change, the html does not render as it should which is causing the sign-in window to display incorrectly during authentication. We are working around the clock to fix this as quickly as possible and will inform you as soon as a fix is available. In the meantime, local authentication and other identity providers integrated with Jamf Connect are not experiencing this issue.
 
We will update this thread as progress is made.  If you have any questions or would like to speak with someone, please reach out to our support team or your Jamf representative.

Update: Our engineering team has been working on a fix that we believe resolves the outstanding issue. We are currently testing this in some environments and running requisite quality assurance. If no issues are found, we have a path to delivery tomorrow during US business hours. This is subject to change as we progress through the testing process. Thank you for all of your patience, help and feedback during this process.

Update 2: Once again, thank you all for your patience while we get through this issue. Our team has been working closely with customers with a proposed fix to this issue. This has resulted in a few builds of the product in order to stabilize the login display for Azure.

At this time, we believe to have a working fix and are distributing to all customers who have submitted a support case. We will gain validation through the rest of today and plan for an official release tomorrow (granted proper validation).

If you are currently experiencing this issue and wish to receive this build prior to a general release, please contact our support team.

Is this still on schedule to be released today? I'm trying to test with Azure AD, and I'm getting the same behavior at the logon screen.

Thanks.

Rich

I tested the beta...hmmmm. Hope there is more to come as I repeatedly get stuck. On first use its not creating an account locally.

If I do Local Auth and then click Cancel it goes back to the broken login window.

Same here. PI-006900

Do we have a resolution to AzureAD login page resolving properly now?

Yep, latest PKG now shows the correct screen.

but I cannot get past that screen now lol constantly thrown back to the enter email field

We tested the beta yesterday and then loaded the 1.2.1 update after it came out. Testing this morning and we are able to sign in using Azure AD on a new machine where the 1.1.1 Jamf Connect Login .pkg is being installed via pre-enrollment, behavior is as expected so far. Make sure you have updated your software and try it out.

https://www.jamf.com/jamf-nation/discussions/31603/jamf-connect-1-2-1-general-availability

@mlawniczak Can you test the same workflow with Jamf Connect Login with all network connections disable and see if local auth works?

Hey @kerickson When attempting to boot the system without a connection to Azure the machine does not come up with any kind of login windows, it just hangs. As soon as you plug the computer in to the network and it recognizes the connection it stops hanging and finishes loading. I did report this through my support ticket already, so they are aware.

@mlawniczak Thanks for testing that.

@sam I have the newest version and as @mlawniczak stated there is a major issue with Jamf Connect Login when the computer has no network connection.

See screenshots below comparing how the old workflow worked.

Old Jamf Connect AzureAD device with no network connection

New Jamf Connect AzureAD device with no network connection

I have a ticket opened already, but this is a major issue and needs to be fixed.
A user will run into this issue when they are on an Airplane or a location with no network and they will not be able to log in.

@mlawniczak @kericson Completely understand. Thank you for bringing this up. I will ensure this is in front of the team.

@sam

I still cannot get in, it constantly get taking back to the SAML page asking for the email address. All I can see in Azure are sign in error codes 650056, googling that error code doesn't bring up anything useful

@Cayde-6 +1 When I input the correct password, it goes back to the enter email page, if I input the incorrect password, it shows me the password is incorrect.
I have a 2FA enabled account, I entered the account email address, password, it ask for the authentication code, everything works fine so far, but it keeps asking for the code again and again.

this is the debug log.

@Steven.Xu

Yep I get the same things in the log but 2FA is turned off for my dev tenant

Looks like others are affected with the "ADAL deny login because unsupported behavior" error in the logs

PI-006920 had been raised for this issue

We are working on these issues now for the next release.

In that release:
1. The ADAL Error has been enhanced to surface the underlaying error.
2. When opening with no internet access the login window will automatically load the local login screen and log that it has done so.

@josh.wisenbaker

How long are the release cycles? At the moment I cannot use jamf connect due to the ADAL errors

@josh.wisenbaker When will we see PingID support?

@josh.wisenbaker Was anyone going to tell us that you released a new version today? I never got an email or anything on Jamf nation. Very frustrating for my client who needs this fixed ASAP. So far in my early testing, the new version of Jamf Connect Login 1.1.2 seems to fix the issue of no login screen without a network connection.

How long are the release cycles? At the moment I cannot use jamf connect due to the ADAL errors

There really isn't a release cycle that is set in stone for Connect other than the code is complete and tested. In the case of a hot fixes like Azure we will release as soon as we have confidence that the issues are solved.

Was anyone going to tell us that you released a new version today? I never got an email or anything on Jamf nation. Very frustrating for my client who needs this fixed ASAP. So far in my early testing, the new version of Jamf Connect Login 1.1.2 seems to fix the issue of no login screen without a network connection.

As you found we released a hot fix for the offline and logging issues. One of my personal goals here at Jamf is to complete the work I started at Orchard & Grove when it comes to a release pipeline so that people find out far more quickly when things change. The current process can be frustrating, but we are working to improve it.

As an open-ended question, what sort of updates would people like? Email? A Slack release channel on MacAdmins? Just Jamf Nation updates? All of them?

Thanks,
Josh

@josh.wisenbaker Thanks for the response might be overkill, but all of the communication platforms you mentioned would be nice to see this posted on.

Same as @kerickson here, we are now able to access the systems when offline with the new software update.

I installed the Jamf Connect 1.1.2 but it still does not working at the beginning, same issue, it keeps sending me back to the email enter page or asking the code.

I checked the user's applications in Azure, I found there are two JCL applications. the first time I tried the JCL, and it works good. then Microsoft changed something in Azure, that caused my JCL stop working, I thought maybe something wrong in JCL application in Azure, so I deleted it and created a new JCL application. BUT I never thought the Microsoft didn't delete it thoroughly, there are still residual records within the users or the groups.

After I deleted the old and new JCL applications under the users records, and re-add the user and re-assign the role in the JCL application, the JCL works!

So, If you deleted the JCL and recreated it, please make sure the old JCL was completely deleted, Microsoft is not smart enough.

@Steven.Xu

Permission in Azure, you need to grant it admin consent

@Cayde-6 the permission is already granted but no lucky, delete the old JCL helped. is that the new step in JCL registration? I saw my JCL application already has the User.Read permission.