Problem

My mobile device is connected to the intranet (possibly through an external VPN connection). When I try to use Single Sign On for Server / Data Center with a mobile browser (e.g. Safari on iOS) or a mobile app that supports Single Sign On, it fails on the AD FS authentication page/URL with an error page or a white page that does not load.

Solution

Under certain circumstances, Windows Integrated Authentication (WIA) does not work correctly in mobile browsers on the intranet. So far we have been able to reproduce problems with:

  • Google Chrome on Android 
  • Safari on iOS
  • Several mobile apps for Jira/Confluence (e.g. Confluence Server or Data Center)

To fix this issue, intranet forms-based authentication (username and password) needs to be configured as the fixed authentication module for mobile browsers, selected by user agent. The following article by Microsoft shows the detailed steps: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia

Basically, you need to remove User Agent Strings from the WIASupportedUserAgentStrings property list. To get the User Agent String of your browser, use your favorite user agent detector (e.g. http://www.whatsmyua.info). For integrated browsers, like the one in the Confluence Server mobile app, you need to capture the network traffic with a browser debugging tool (e.g. Configure Fiddler for iOS) to get the User Agent information.

Below are some User Agent Strings we collected from the Confluence Server mobile app, which may help with further troubleshooting:

  • "Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E216 Atlassian Mobile App"
  • "Mozilla/5.0 (Linux; Android 5.1.1; KFDOWI Build/LVY48F; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/59.0.3071.125 Safari/537.36 AtlassianMobileApp"
  • "=~Windows\s*NT.*Chrome" (to target only Chrome on Windows for WIA)
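
One way to find which configured entries cause a captured mobile User Agent to be offered WIA, and to preview their removal (an added example, not taken from the Microsoft article or from this KB). The list is read and written through the `WIASupportedUserAgents` property of `Get-AdfsProperties` / `Set-AdfsProperties`; the helper `Test-WiaEntry` is hypothetical, and its matching rule (case-insensitive substring, `=~` prefix for a regular expression) is an assumption about how AD FS compares entries.

```powershell
# Run on the primary AD FS server in an elevated PowerShell session.
# Sample input: User Agent captured from the mobile client (first string in the list above).
$mobileUa = 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E216 Atlassian Mobile App'

# Read the current list and keep a copy on disk so the change can be rolled back.
$current = @((Get-AdfsProperties).WIASupportedUserAgents | Where-Object { $_ })
$backup  = Join-Path $env:TEMP ('WIASupportedUserAgents-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
$current | Set-Content -Path $backup -Encoding UTF8
Write-Output "Backup of the current list written to $backup"

# Hypothetical helper. Assumption: plain entries are compared as case-insensitive
# substrings of the User Agent; entries starting with "=~" are regular expressions.
function Test-WiaEntry {
    param([string]$Entry, [string]$UserAgent)
    if ($Entry.StartsWith('=~')) {
        return [regex]::IsMatch($UserAgent, $Entry.Substring(2), 'IgnoreCase')
    }
    return $UserAgent.IndexOf($Entry, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# Entries that match the mobile client are the ones that make AD FS attempt WIA for it.
$matching = @($current | Where-Object { Test-WiaEntry -Entry $_ -UserAgent $mobileUa })
if ($matching.Count -eq 0) {
    Write-Output 'No configured entry matches this User Agent; the list is not the cause.'
    return
}
Write-Output 'Entries matching the mobile User Agent:'
$matching | ForEach-Object { "  $_" }

# Build the reduced list and preview the change. Remove -WhatIf to apply it.
$updated = @($current | Where-Object { $matching -notcontains $_ })
Set-AdfsProperties -WIASupportedUserAgents $updated -WhatIf

# Roll back if needed:
# Set-AdfsProperties -WIASupportedUserAgents (Get-Content -Path $backup)
```

Review the matching entries before applying: a broad entry also covers desktop browsers, which lose WIA when it is removed. A narrower pattern, such as the `=~Windows\s*NT.*Chrome` entry listed above, can be added to `$updated` to keep WIA for those desktop clients.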

If you have experienced similar issues with AD FS and were able to solve them with specific User Agents, we would be happy to add your information to this KB article to help other customers. Please feel free to share it with us here: Customer Portal