Help

Can't access JPS admin console with Safari in Catalina

noahdowd
Contributor

Posted on ‎10-10-2019 06:30 AM

I can't seem to access the Jamf Pro web interface using my server's DNS name from Safari 13 in Catalina. This has been true throughout beta testing. When I navigate to it I get no errors or any output. Just a white window with the progress bar stuck at maybe 10%.
I have two Jamf servers, one internal with database, one in DMZ with interface disabled. Both share an SSL cert with a valid Subject Alternative Name.
I can access the admin interface if I go directly to the server's local hostname, though I have to pass through the "This Connection Is Not Private" screen. I can even view the valid cert for the intended DNS name from this screen. I think it's just showing it because the names don't match.
Safari 13 in Mojave connects just fine. Chrome and Firefox in Catalina work fine too.
Recon et c. have no problems internally or externally.

Anyone else seeing this?

Labels:
Reply
4 REPLIES 4

Dylan_YYC
Contributor III

Posted on ‎10-10-2019 08:19 AM

Just tested mine, its slower and the login screen takes a bit to load but otherwise it works!

0 Kudos
Reply

Scott_Watkins
New Contributor II

Posted on ‎10-11-2019 07:24 AM

We also have this issue, but in only 1 location. All of our other locations it works fine.

You guys behind a proxy?

0 Kudos
Reply

noahdowd
Contributor

Posted on ‎10-15-2019 04:28 AM

We are.
Here's the thing. I decided to test out the native Jamf Kerberos SSO configuration profile instead of the downloaded and signed one from the beta and changing some things in there seemed to help. If I change my hosts entry from .company.com to sso.company.com I can suddenly load the admin page (it prompts for username and password) however none of the sites that redirect to sso.company.com for Single Sign On work now. Same issue, just a white page with no clue about what's happening.
It looks like I have to keep poking at the Kerberos extension...

0 Kudos
Reply

noahdowd
Contributor

Posted on ‎10-15-2019 05:17 AM

So I removed the leading . from the hosts entry. Now I just have company.com. The profile saves and is distributed and all sites work normally. I think this basically makes the Kerberos SSO extension not do anything when it comes to SSO in browsers or apps. I'm saving my SSO credentials in keychain which is probably why it's working.

0 Kudos
Reply