Help

SAML Auth with Google Workspace fails on page refresh periodically.

Go to solution
Phatmandrake1
New Contributor II

Posted on ‎10-24-2023 05:58 AM

Has anyone had problems with Google Workspace failing authorization on a page refresh?

This is the error we get. I've captured HAR logs and sent them to support and they've concluded "..this looks to be designed this way" so I'm asking Jamf Nation in an act of desperation if anyone else experiences authorization issues with Google workspace similar to this one while using JAMF Pro or have any idea what could be causing this issue.

I have full access to the SAML request and Response and can share any other transaction errors upon request.

Phatmandrake1_0-1698152095809.png

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Phatmandrake1
New Contributor II

‎10-25-2023 12:44 PM - edited ‎10-25-2023 12:46 PM

So after several days of intensive troubleshooting, I have found what I believe is a root cause.

This information only applies if you are using Google Workspace as an IDP, but might explain peculiarities in other systems that don't offer SLO.


Jamf Pro will automatically time out after 30 minutes of inactivity. When this happens, any Jamf Pro tabs will be automatically logged out to: https://YourJamfPortal.com/logout.html

If you log back in to a tab, JAMF will load the Dashboard, let your brows the jamf settings menu, and sometimes let you access the policy page; however, if you watch the network history log, jamf throws a number of errors related to CORS or generic time out errors, until Jamf Pro stalls or throws page errors directly on the website.

In our case, it turns out having a tab open to the logout page will prevent all other active jamf sessions from working correctly, causing a number of errors.

Solution: Close all open tabs that are open to the jamf Logout URL, and refresh any Jamf tabs experiencing an issue. All pages experiencing an issue should now work again as normal.

This same issue can cause random 403 errors from Google Workspace, page broken icons, or infinite loading.




View solution in original post

0 Kudos
1 REPLY 1

Go to solution
Phatmandrake1
New Contributor II

‎10-25-2023 12:44 PM - edited ‎10-25-2023 12:46 PM

So after several days of intensive troubleshooting, I have found what I believe is a root cause.

This information only applies if you are using Google Workspace as an IDP, but might explain peculiarities in other systems that don't offer SLO.


Jamf Pro will automatically time out after 30 minutes of inactivity. When this happens, any Jamf Pro tabs will be automatically logged out to: https://YourJamfPortal.com/logout.html

If you log back in to a tab, JAMF will load the Dashboard, let your brows the jamf settings menu, and sometimes let you access the policy page; however, if you watch the network history log, jamf throws a number of errors related to CORS or generic time out errors, until Jamf Pro stalls or throws page errors directly on the website.

In our case, it turns out having a tab open to the logout page will prevent all other active jamf sessions from working correctly, causing a number of errors.

Solution: Close all open tabs that are open to the jamf Logout URL, and refresh any Jamf tabs experiencing an issue. All pages experiencing an issue should now work again as normal.

This same issue can cause random 403 errors from Google Workspace, page broken icons, or infinite loading.




0 Kudos