Starting with the IVE OS 8.0, the Junos Pulse for Desktop now supports SAML based authentication
Has anyone had any luck getting this to work on a Mac ? It works like a charm on all our Windows platform devices (Win 7 and Win 8.x), but i have had no luck getting this to work successfully on a Mac (OS X Mavericks and Yosemite).
The Way Juniper implemented the SAMl sign-in feature is to lauch a new browser window (IE on Windows and Safari on Mac), to get an authentication token from the SAML Identity Provider, and then transfer control back to the Junos Pulse client.
The problem we are having is, on Mac OS machines, once a authentication token is received, the browser window never transfers control back to the Junos Pulse Desktop application.
Just wondering if there is anyone out there who has gotten this to work successfully.
Thanks in advance.
I've seen a similiar issue when authentication is past back to Pulse, but it is unable to find a matching pulse connection. Can you review the Pulse logs to see if you have any message stating 'no matching connection'?
Also, what version of Pulse are you using?
We are using IVE OS 8.0R5 with Pulse 5.0.5
I'll look into the Pulse logs for info on matching connections. How did you fix the "No Matching Connection" issue ?
*** Update *** I have not found any occurances of no matching connection in the log.
I am attaching the Junos Pulse client debug log file for reference
I havent configured any Host Checker policies.
All our policies are disabled. Here is a screenshot
According to the logs, it looks like Pulse disconnect but make no attempt to reconnect as it should. Can you please clarify if you try launching Pulse via the browser does or does not work? If you haven't already done so, I would open a case and provide the LogAndDiagnostic.zip from the Pulse client for further review.
I have already opened up a case on this topic.
It seems like a general issue with Pulse on Mac OS.
Even if we switch to just plain username / password authentication, the Pulse client does not seem to want to transfer the session back from a browser instance.
For example, on switching just just plain AD authentication, if a user logs into the web page, and then hits Start for Junos Pulse, the Pulse client launches, but then does not create a Pulse session. The user is forced to click the Connect button, against the corresponding Pulse entry to get the session to start.