Posted on 04-05-2023 01:42 AM
Hey all
currently we have the problem that some users can no longer log in to SelfService.
We have turned off our LDAP server and switched everything to Azure AD with SSO.
We have also changed the configuration so that a login does not have to be required in SelfService. However, after clicking the login button, only a white screen appears:
However, this does not apply to all users. Network and Internet can be excluded.
Does anyone have any ideas?
Posted on 04-05-2023 02:21 AM
Sometimes you just need to complain ...
We found the problem in the custom extensions.
So we fixed the issue right now.
Posted on 04-06-2023 12:44 AM
Can you please elaborate a little? What did you do to fix it? What specific custom extension caused this?
Posted on 04-05-2023 11:28 AM
WE are having this issue right now. What was the problem extension?
04-06-2023 12:43 AM - edited 04-06-2023 12:45 AM
Hi,
This seems like a known issue; see response from Jamf support
Hi Tobias,
Thanks for your reply.
I’ve been doing some digging around and since you are using Azure as SSO provider, it seems that this behaviour could be caused by the PI111320 - "Unable to sign in to Self Service macOS when Azure AD SSO extension is applied".
As a workaround, until it is resolved, we could consider a few workflows:
A] Disabling the login requirement to access Self-Service (in Jamf, Settings > Self-Service > MacOS). This would be the fastest short-term "fix".
B] Remove the Azure AD SSO Extension Profile or Company Portal.app from the impacted machine. However, this may have broader implications if other workflows leverage the SSO extension. Please test it before deploying to production.
C] Returning to a previous version of Self-Service:
- Disable the auto installation of Self Service.
- Download the 10.44.1 version of Self-Service manually from your Jamf Nation account.
- Collect the Self Service package and upload it to Jamf.
- Remove the installed Self-Service application.
- Deploy the old version of Self-Service.
However, this is not an official solution yet - I found one other case where it helped. The PI is quite recent, so I strongly advise to test it first on a test device and then pilot.
We are looking forward to hearing from you!
Please do not hesitate to reach out if you have any additional questions or queries and we will be more than happy to assist.
Best regards,
Charles
Jamf Technical Support
Community Portal - https://community.jamf.com/
Technical Documentation - https://www.jamf.com/resources/product-documentation/