Microsoft ADFS on mac

jameson
Contributor II

Our infrastructure is using adfs but is not working on mac.
Anyone know How client settings should be on mac to get this working ?

12 REPLIES 12

mcs-jamf
New Contributor

We use ADFS with both Windows, Mac and iOS clients, a very smooth system. What services are you using with ADFS?

linuslarsson
New Contributor II

If you AD-join the Mac and log in with AD-credentials the SSO with ADFS will work.

jameson
Contributor II

It is single sign on i am Hoping to get working on mac. They are joined ad, but running nomad

linuslarsson
New Contributor II

If you running NoMAD, I guess you are not AD-joined. Thats the whole point of the product, not to be bound to AD. Yes, I see problem with that too, I does not work properly. I hope JAMF will work it out with JAMF Connect in the future.

jameson
Contributor II

Sorry - there Should have been stranding NOT joined ad.
So without AD the adfs sso is not possible ?

linuslarsson
New Contributor II

ADFS is working fine but you will be prompted for login, no SSO

jmurray
New Contributor

Have a problem with ADFS were an AD bound Mac the ADFS prompts for credentials in safari for office 365 will not accept the credentials. Chrome works fine. When the mac is unbound using a local account the ADFS credentials prompts are accepted within safari it's just when you bind to AD it appears to stop working.

cbrewer
Valued Contributor II

Look into adding "Mozilla/5.0 (Macintosh" to your WIA Supported User Agents string in ADFS.

Example:

Set-ADFSProperties -WIASupportedUserAgents @("MSAuthHost/1.0/In-Domain", "MSIE 6.0", "MSIE 7.0", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0", "Trident/7.0", "MSIPC", "Windows Rights Management Client", "MS_WorkFoldersClient", "Mozilla/5.0 (Macintosh", "Mozilla/5.0 (Windows NT")

jmurray
New Contributor

Thank you will check, sorry for the delay am visiting this issue again and the strange thing with Centrify and NoMad Login this works fine with the SSO adfs sign on prompt. It only stops working when you AD bound the Mac with it's built in AD plugin with ADFS sso prompts.

jmurray
New Contributor

Just checked, "Mozilla/5.0 (Macintosh" has already been added to the Agents string and Safari is still not playing ball with ADFS SSO prompts not accepting credententials, am reaching out for any other further possible solutions.

jmurray
New Contributor

3ca93e1c70b6462396348031c599d8a2

jmurray
New Contributor

still no joy, any assistance be greatly received.