Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Single Sign On/AD FS authentication fails on mobile devices in the intranet
Problem
My mobile device is connected to the intranet (eventually via external (VPN) connection). When I'm trying to use the Single Sign On with a mobile browser (e.g. Safari on iOS) or mobile app (which supports Single Sign On), it fails on the AD FS authentication page/URL with an error page/white page (not loading).
Solution
In certain circumstances the Windows Integrated Authentication is not correctly working on mobile browsers in the intranet. We could reproduce problems so far with:
- Google Chrome on Android
- Safari on iOS
- Several mobile apps for Jira/Confluence (e.g. Confluence Server)
To fix this issue, the intranet forms-based authentication (username and password) needs to be configured as fixed authentication module for mobile browsers via user agents. The following article by microsoft shows detailed steps how to do it: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia
Basically you need to remove User Agent Strings from the WIASupportedUserAgentStrings property list. To get the User Agent String of your browser just use your favorite user agent detector (e.g. http://www.whatsmyua.info). For integrated browsers like in the Confluence Server mobile app, you need to capture the network traffic with a browser debugging tool (e.g. Configure Fiddler for iOS) to get the User Agent information.
In the following we collected some User Agent Strings from the Confluence Server mobile app, which might be helping for further troubleshooting:
- "Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E216 Atlassian Mobile App"
- "Mozilla/5.0 (Linux; Android 5.1.1; KFDOWI Build/LVY48F; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/59.0.3071.125 Safari/537.36 AtlassianMobileApp"
- "=~Windows\s*NT.*Chrome" (to target only Chrome on Windows for WIA)
If you experienced similar issues with AD FS and you were able to solve it with specific User Agents, we would be happy to add your information to this KB article, as goal to help other customers. Please feel free to share it with us here: Customer Portal