Forum Discussion
Teams / Federation Authentication / MacOS X Customer
Thanks mouadcherkaoui for the post !
We are wondering if this is related to any security parameter regarding SSL or something else. The process of authentication is :
Azure -> SAML Portal -> CAS Portal -> SAML Portal -> Azure.
The login process is broken somewhere between Azure and the CAS portal since the login page does not even pop up.
The login window does not allow the use of DevTools or any shortcut to show the URIs that the Teams app is trying to consult. Nothing in the log files except the errors shown in the first post.
A support ticket has been open since last week.
Regards,
GS.
- Feb 05, 2021
It's all my pleasure! Welcome!
I think that since it is working on other platforms, it should be more about the macOS use case, which handles keychains and caches them its own way. Can you create a user account and see if it works? I shared in the "answers forum" a resolution which, in addition to removing cache files, suggests using the Keychain Access ("Trousseau d'accès") tool to remove cached credentials there too:
The Niklas Blomqvist answer is also interesting:
- Start Teams
- Click the Teams app in the dock 5 times
- Click the "Development" option in the menu bar
- In that menu you have an entry called "Auth". I tried clicking all the "Call ipc" for different auth methods (I can't reproduce the menu as of right now, since I'm logged in and there are additional steps to see those entries when logged in)
- However, BEFORE you try any Auth-entries, go to "hooks" and "enableMacNativeNotifications" (I think the name was) to get native macOS notifications 🙂
Hope it helps!
- guenaelsanchez, Feb 05, 2021, Copper Contributor
Hello,
I tried to enable Mac Native Notifications, but it did not change anything.
This is the Auth menu. I tried clicking all items, one by one, entering my UPN, and it failed.
I also tried to remove all the different cache files suggested in the other post, and also deleted any Teams entry in my Keychain, but it did not change anything!
Regards,
GS
- guenaelsanchez, Feb 05, 2021, Copper Contributor
So ...
Error -1200 seems to be related to ATS (App Transport Security) / SSL options, ciphers, versions ...
Our Federated Identity Authentication Server seems to be quite not compliant with the latest SSL standards! Since we do host it directly, we asked for an SSL/TLS/ATS fix.
On macOS you can use the command:
/usr/bin/nscurl --ats-diagnostics https://MySSLServer.FQDN/ (--verbose if needed)
The output is (I just changed our server FQDN):
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://Server.FQDN/, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <BCF6DDA1-01D8-4D1E-9E17-46EE9364D4A0>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <BCF6DDA1-01D8-4D1E-9E17-46EE9364D4A0>.<1>"
), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://Server.FQDN/, NSUnderlyingError=0x7febf9c12020 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9858, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9858}}, _kCFStreamErrorCodeKey=-9858}
---
See the error code? -1200, just like what the Teams client reports... Maybe the latest version of the Teams Desktop client is more "picky" on security topics.
To be continued !
GS
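The `nscurl --ats-diagnostics` output shown in the post can be summarised per test with a short parser. This is an added example, not part of the thread: the function names are hypothetical, the first sample test is abbreviated from the post, and the second test (using Apple's `NSExceptionRequiresForwardSecrecy` ATS key) is constructed for illustration only.

```python
import re

# Constructed sample. Test 1 is abbreviated from the output in the post; test 2
# is invented for illustration and says nothing about the poster's server.
SAMPLE = """\
ATS Default Connection
ATS Dictionary:
{
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 UserInfo={_kCFStreamErrorCodeKey=-9858}
---
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
    NSExceptionDomains =     {
        "server.example" =         {
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
"""

def parse_ats_diagnostics(text):
    """Split nscurl --ats-diagnostics output into one record per test."""
    lines, tests = text.splitlines(), []
    for i, line in enumerate(lines):
        if line.strip() != "ATS Dictionary:":
            continue  # every test has exactly one dictionary header
        t = {"name": lines[i - 1].strip() if i else "", "settings": {},
             "result": None, "nsurl_code": None, "stream_code": None}
        for body in lines[i + 1:]:
            if body.strip() == "ATS Dictionary:":
                break  # the next test starts here
            if m := re.search(r"(\w+) = ([^;{]+);", body):
                t["settings"][m.group(1)] = m.group(2).strip().strip('"')
            if m := re.match(r"\s*Result\s*:\s*(PASS|FAIL)", body):
                t["result"] = m.group(1)
            if t["nsurl_code"] is None and (m := re.search(r"\bCode=(-?\d+)", body)):
                t["nsurl_code"] = int(m.group(1))
            if t["stream_code"] is None and (m := re.search(r"_kCFStreamErrorCodeKey=(-?\d+)", body)):
                t["stream_code"] = int(m.group(1))
        tests.append(t)
    return tests

def passing_relaxations(tests):
    """ATS exception settings under which the connection succeeded."""
    return [t["settings"] for t in tests if t["result"] == "PASS" and t["settings"]]
```

When the default test fails, the settings returned by `passing_relaxations` point at the ATS requirement the server does not meet, which is the item to raise with whoever operates the TLS endpoint.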