Office 365, ADFS and Office apps not working on iOS devices

Good Morning,

I have ADFS and WAP servers in Azure providing SSO from the corporate network. Everything is working as it should, except for our iOS devices when using the Office for iOS apps provided by Microsoft.

Using the native email client provided with the iPads/iPhones I can connect to their Office365 email perfectly, however when I try to use Outlook (or OneDrive for Business) I get the attached error on the device.

I am running iOS 9.1

I can't for the life of me find anywhere on the Internet a fix for this?

Has anyone else had this issue and resolved it?

Thanks,

Gerald
IMG_0132.PNG
gezzam25 Asked:
K B Commented:
It attempts to redirect but just immediately gives you that popup?
Do you have forms based authentication enabled?
K B Commented:
I think this is a great place to start:

https://community.office365.com/en-us/f/173/t/354005
Vasil Michev (MVP) Commented:
Make sure all the needed endpoints are enabled on your WAPs/AD FS servers. You also need Forms based auth to be enabled: https://support.microsoft.com/en-us/kb/3015526
gezzam25 (Author) Commented:
Hi Vasil,

Do you mean by enabling endpoints, ensuring that the following PS command is run on the ADFS Servers?

Enable-AdfsEndpoint -TargetAddressPath "/adfs/services/trust/13/windowstransport"

Thanks,

Gerald
Vasil Michev (MVP) Commented:
Yes, and similar for the rest of the 'default' endpoints. You can also enable them via the GUI.
gezzam25 (Author) Commented:
Hi all. With help from MS, resolved this issue.

All it took was to uninstall and reinstall the certificates

Email from MS below

Hi Gerald,
 
How are you? We just finished the troubleshooting with an engineer from the AD team. We have the following findings.

1. The sign-in issue happens on all Office applications (EXCEL, WORD and OneDrive)
2. The issue happens when GETREALM redirects the user to its corresponding ADFS Server for authentication.
3. The ADFS server domain is fs.domain.com.au.
4. When we accessed it from Safari, we found the Apple device does not trust the domain at all.
5. The certificate issuer is Trustwave domain validation…
 
 
Action Plan
===========
1. Previously we encountered a similar issue; at that time, we resolved the issue by re-installing all the certificates in the entire certificate chain on both the ADFS and ADFS proxy (web application proxy) servers.
gezzam25 (Author) Commented:
Got feedback from MS after opening a support case.

Advice provided resolved problem
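
The fix in the Microsoft email was to reinstall every certificate in the chain on both the ADFS and WAP servers. The following is an added example, not part of the thread or of Microsoft's reply: a check to run on each of those servers that lists every element of the SSL certificate's chain and whether it sits in the expected local machine store. It assumes a Windows server only hands clients the intermediates it holds locally; the function name is hypothetical.

```powershell
# Added example. Run in an elevated session on each AD FS and WAP server.
# -Thumbprint is the thumbprint of the SSL certificate bound to the
# federation service, e.g. the CertificateHash reported by
# Get-AdfsSslCertificate (AD FS) or Get-WebApplicationProxySslCertificate (WAP).
function Test-CertChainInstalled {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # The leaf must be in the computer's Personal store with the binding.
    $leaf = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Only chain construction and store placement are checked, not revocation.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($leaf)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Write-Warning "Chain did not build cleanly on this server: $status"
    }

    # Element 0 is the leaf; the last element is the root when the chain is complete.
    $elements = @($chain.ChainElements)
    for ($i = 0; $i -lt $elements.Count; $i++) {
        $cert = $elements[$i].Certificate
        $role = if ($i -eq 0) { 'Leaf' } elseif ($cert.Subject -eq $cert.Issuer) { 'Root' } else { 'Intermediate' }
        $store = switch ($role) { 'Leaf' { 'My' } 'Root' { 'Root' } default { 'CA' } }

        # Windows may build the chain from cached or downloaded issuers, so a
        # chain that builds can still show Installed = False for an intermediate.
        [pscustomobject]@{
            Role      = $role
            Subject   = $cert.Subject
            NotAfter  = $cert.NotAfter
            Store     = "Cert:\LocalMachine\$store"
            Installed = Test-Path -Path "Cert:\LocalMachine\$store\$($cert.Thumbprint)"
        }
    }
}

# Usage (placeholder thumbprint, replace with the value from your binding):
# Test-CertChainInstalled -Thumbprint '<SSL-CERT-THUMBPRINT>' | Format-Table -AutoSize
```

Any row with Installed = False, or a chain that ends without a Root row, points at the certificate to reinstall on that server.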