cancel
Showing results for 
Search instead for 
Did you mean: 

SAML and Junos Pulse for Desktop on Mac

Highlighted
Occasional Contributor

SAML and Junos Pulse for Desktop on Mac

Hello,

 

Starting with the IVE OS 8.0, the Junos Pulse for Desktop now supports SAML based authentication

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB23406

 

Has anyone had any luck getting this to work on a Mac ? It works like a charm on all our Windows platform devices (Win 7 and Win 8.x), but i have had no luck getting this to work successfully on a Mac (OS X Mavericks and Yosemite). 

 

The Way Juniper implemented the SAMl sign-in feature is to lauch a new browser window (IE on Windows and Safari on Mac), to get an authentication token from the SAML Identity Provider, and then transfer control back to the Junos Pulse client. 

 

The problem we are having is, on Mac OS machines, once a authentication token is received, the browser window never transfers control back to the Junos Pulse Desktop application. 

 

Just wondering if there is anyone out there who has gotten this to work successfully. 

 

Thanks in advance. 

 

Madan Sudhindra

6 REPLIES 6
Highlighted
Valued Contributor

Re: SAML and Junos Pulse for Desktop on Mac

I've seen a similiar issue when authentication is past back to Pulse, but it is unable to find a matching pulse connection.  Can you review the Pulse logs to see if you have any message stating 'no matching connection'?

 

Also, what version of Pulse are you using?

Highlighted
Occasional Contributor

Re: SAML and Junos Pulse for Desktop on Mac

We are using IVE OS 8.0R5 with Pulse 5.0.5

 

I'll look into the Pulse logs for info on matching connections. How did you fix the "No Matching Connection" issue ?

 

*** Update *** I have not found any occurances of no matching connection in the log. 

I am attaching the Junos Pulse client debug log file for reference

Highlighted
Respected Contributor

Re: SAML and Junos Pulse for Desktop on Mac

It looks like at least one connection is using Host Checker; if it's the SAML one, does it work once removed?
Highlighted
Occasional Contributor

Re: SAML and Junos Pulse for Desktop on Mac

I havent configured any Host Checker policies. 

 

All our policies are disabled. Here is a screenshot

 

 

Highlighted
Valued Contributor

Re: SAML and Junos Pulse for Desktop on Mac

According to the logs, it looks like Pulse disconnect but make no attempt to reconnect as it should.  Can you please clarify if you try launching Pulse via the browser does or does not work?  If you haven't already done so, I would open a case and provide the LogAndDiagnostic.zip from the Pulse client for further review.

Highlighted
Occasional Contributor

Re: SAML and Junos Pulse for Desktop on Mac

I have already opened up a case on this topic. 

 

It seems like a general issue with Pulse on Mac OS. 

Even if we switch to just plain username / password authentication, the Pulse client does not seem to want to transfer the session back from a browser instance. 

 

For example, on switching just just plain AD authentication, if a user logs into the web page, and then hits Start for Junos Pulse, the Pulse client launches, but then does not create a Pulse session. The user is forced to click the Connect button, against the corresponding Pulse entry to get the session to start.