Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » iOS 6 authentication
  •  
James Bobby

Messages: 35
Karma: -1
Send a private message to this user
It seems the new iOS 6 breaks the authentication for Kerio, any idea how to get around this. My users says they only get a blank "login" screen. Almost as if Kerio is not presenting the proper webpage?
  •  
Jeff Wadlow (Kerio)

Messages: 193
Karma: 6
Send a private message to this user
Go to Configuration -> Advanced Options -> Web Interface and see if the SSL certificate is still valid.

Also, if you use a hostname for the Kerio Control box you might try specifying an IP address.

I am just taking some guesses. iOS 6 might not load pages that use expired SSL certificates or the iPhone might not be able to resolve the hostname.
  •  
James Bobby

Messages: 35
Karma: -1
Send a private message to this user
This problem occurs when a user starts their WiFi, iOS6 apparently tries to authenticate/log on by itself in some way.

However the phone only displays a blank/white window, which seem to be a part of iOS and not a browser window. As soon as you go back, the wifi disconnects. Probably some sort of "oh noes I could not reach the internet". I am not forcing SSL for internal authentication so certificate in this case should not matter.

And it started with the iOS upgrade as phones had no trouble before (so sure we could blame Apple for this, but still with tons of iPhone users it's causing a headache).
  •  
PPinho

Messages: 3
Karma: 0
Send a private message to this user
I have the same problem and the same symptoms. Our users get always a blank "login" screen. Our certificates are valid.
Help appreciated.
  •  
Martin Kuchar (Kerio)

Messages: 15
Karma: 0
Send a private message to this user
Hi James and PPinho,

could you specify which version of Control do you use? thanks.

Martin

Martin Kuchar
Control Clients Team Leader
Kerio Technologies
  •  
PPinho

Messages: 3
Karma: 0
Send a private message to this user
Hi Martin,

the version I use is: 7.3.2 build 4445.

Thanks
Paulo Pinho

[Updated on: Tue, 02 October 2012 11:13] by Moderator

  •  
James Bobby

Messages: 35
Karma: -1
Send a private message to this user
Hi Martin,

We use 7.2.2 build 3443 here.

  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Hi

Just to add.

Running the latest version of Kerio and i have multiple Iphone and a few ipad users and all of them get the blank screen after upgrading to IOS6

Had no complaints before they upgraded so i can concur that IOS6 breaks the authentication with Kerio.

I am using the built-in authentication, not the active directory method.

All other users get the red login screen but IOS6 users only get a blank white page.

Will this be solved soon ? I would imagine that this would affect rather alot of users world wide.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
It seems there is a bug in iOS 6 causing that Safari fails to display HTTPS website when redirected from HTTP (unsecured).
If the Control login page runs on HTTPS (which is by default) then this bug may affect redirection to Control's login page if you're accessing some website.
The workaround is to log in to Control directly by entering the URL for login page in Safari.
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
@Pavel

So is this "The bug is in IOS6 so we at Kerio will not do anything to work around this bug (with apple bugs are always called features if memory serves me well)"

Or is it "There is a bug in IOS 6, we are working to make a solution either by us self or in combination with apple" ?

Just asking because users dont care where the problem is, they just want it fixed.
  •  
James Bobby

Messages: 35
Karma: -1
Send a private message to this user
Pavel Dobry (Kerio) wrote on Fri, 19 October 2012 21:24
It seems there is a bug in iOS 6 causing that Safari fails to display HTTPS website when redirected from HTTP (unsecured).
If the Control login page runs on HTTPS (which is by default) then this bug may affect redirection to Control's login page if you're accessing some website.
The workaround is to log in to Control directly by entering the URL for login page in Safari.


Except, the problem is that iOS6 does not keep WiFi turned on (as far as I can tell) as it cannot verify that it is on the internet - since Kerio is set to block until authenticated.

So you can never manually enter the login URL in a browser since it will not be connected via WiFi.

iOS6 tries to connect to internet, gets blocked by Kerio (not showing login), since it cannot verify it has internet access it turns off WiFi.

[Updated on: Tue, 23 October 2012 12:32]

  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
James Bobby wrote on Tue, 23 October 2012 06:28
iOS6 tries to connect to internet, gets blocked by Kerio (not showing login), since it cannot verify it has internet access it turns off WiFi.


So, if you're on a corporate network and you lose Internet access, you also lose access to all corporate assets since it will take the Wi-Fi down too?

That doesn't sound right. Or, Apple didn't really think that feature through.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
James Bobby wrote on Tue, 23 October 2012 12:28

iOS6 tries to connect to internet, gets blocked by Kerio (not showing login), since it cannot verify it has internet access it turns off WiFi.


I don't know iOS6 internals but if this is the case then the workaround should be pretty simple. Just identify what connection or protocol the iOS 6 device use for identifying the Internet connection and allow this particular connection to the Internet without authentication.
  •  
Martin Kuchar (Kerio)

Messages: 15
Karma: 0
Send a private message to this user
Hello,

we have tried to reproduce it with 7.3.2 build 4445 and iOS 6. Unfortunatelly we got blank screen only once from approx. 50 tries. So we are not able to investigate it properly.

As workaround you can set rule in HTTP Policy, which allows to access www.apple.com and which doesn't require authentication.
In that case your users should get Wi-Fi connected without seeing authentication page at all.
Then they will need to login to the Control. They can do so in Safari by accessing any web page over HTTP.

You can also try some of these things, but I am not sure if it will help to solve the problem:
- Reset network settings on iPad (Settings -> General -> Reset (bottom of the page) -> Reset Network Settings)
- When blank login screen appears, just switch to Safari and access some web page. You might get Control's login screen
- Use IP address as a hostname in Control's WebAdministration (Advanced Options -> Web Interface -> Use specified hostname) - but NTLM will not work then

Martin Kuchar
Control Clients Team Leader
Kerio Technologies
PPinho

Messages: 3
Karma: 0
Send a private message to this user
Hi Martin,
I'm surprised because we have this problem every time, not only 1/50 of the times...
The workaround you proposed does the job, but involves too many steps (and knowledge) and ordinary users can't do it by themself. I'll keep waiting for the "real" solution.
Thanks,
Paulo Pinho
Previous Topic: Kerio WinRoute Firewall Software Appliance and vlan
Next Topic: .
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Oct 21 04:54:07 CEST 2017

Total time taken to generate the page: 0.00541 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.