Citrix files for the MAC - cannot authenticate

  • 2
  • Question
  • Updated 3 months ago
Hi,

Just installed Citrix Files for the mac, but is won't let me authenticate.
We're using company credentials
sharefile is getting its authentication from a netscaler using SAML
thsi works fine for the sync client both mac and window for a few years now
It als work fine for the web acces including office online as well as the outlook plugins.

However this Citrix Files for the Mac: after entering the Sharefile subdomain it will only display  
on a white page the word "Unauthorized"
This message is from the netscaler I presume - but why is this client handling the SAML authentication wrong, compared to all other  clients ?
Photo of JEBE

JEBE

  • 10 Posts
  • 4 Reply Likes

Posted 3 months ago

  • 2
Photo of Prabhat Tyagi

Prabhat Tyagi, Engineering

  • 150 Posts
  • 5 Reply Likes
The Auth flow is same across all apps. Are you able to login to ShareFile website on the same machine via the company’s credential Auth flow?

Cheers
Prabhat Tyagi
Photo of JEBE

JEBE

  • 10 Posts
  • 4 Reply Likes

well apparently not completely the same ;-)
login on through a safari session to the sharefile website works like a charm, no problem at all. (hundreds of users do so)
Photo of Prabhat Tyagi

Prabhat Tyagi, Engineering

  • 150 Posts
  • 5 Reply Likes
Can you please reach out to us on cfmac.feedback@citrix.com. We would like to troubleshoot and need your subdomain you are connecting. We will follow up with other queries if needed there. 

Cheers
Prabhat Tyagi
Photo of JEBE

JEBE

  • 10 Posts
  • 4 Reply Likes
Ok, thanks !
Photo of Prabhat Tyagi

Prabhat Tyagi, Engineering

  • 150 Posts
  • 5 Reply Likes
Thanks for providing the details via email. Acknowledging that it's a bug in Citrix Files for Mac, and the basic/NTLM SSO auth flow is broken. We will get this addressed soon. 

Cheers
Prabhat Tyagi
Photo of JEBE

JEBE

  • 10 Posts
  • 4 Reply Likes
Great, for the moment, to speed up testing, i managed to work around the issue in our test environment bij adding a check for the http.req. user-agent header : if it contains "Windows" proceed with NLTM / Kereberos SSO, otherwise, perform a regular logon. This works for the test environment.
(Edited)