We have a rather strange problem, which is that we have an internal
Alfresco ECMS, which we connect to via the NAM gateway from Android and
Apple IOS devices outside the network. Everything works fine, including
the web interface, APART from the Apple iOS App on smartphones and

Android devices authenticate fine, just Apple that's the problem

Looking at the reverse proxy logs, a successful Android log in gives us
this for instance:-

2015-11-10 17:38:52 CN=USER,OU=XXXX,OU=XXXX,O=XXXX
200 \"-\" 1101 371 + 4542 919 362715 \"172.X.X.X\" 919 \"-\" \"-\"
\"-\" \"-\" \"-\" \"-\"
You can see the username and everything populated and all is well.

With the iOS application, we get THIS:-

2015-11-10 14:53:04 PUBLIC 172.X.X.X ECMS.COMPANYNAME GET
/ALFRESCO/SERVICE/API/SERVER 401 \"-\" 455 14345 + 18742 823 30227
\"-\" 823 \"-\" \"-\" \"-\" \"-\" \"-\" \"-\"

Whats odd and interesting, is the 401 is not generated by the internal
server that NAM is forwarding the packets on to... in the tomcat logs of
the internal server, there is no reference to this error, it looks like
its purely being generated in NAM.

Has anyone got any idea of what could be the issue? EVEN STRANGER... if
I connect the iOS app from INSIDE our network, and then switch networks
to connect externally AFTER its authenticated, it continues to work from
outside via NAM!

Of course this is no good really, as none of the Apple devices will be
allowed to connect internally, ever.

How come the cs-username is "public" and not the correct credentials
seen with Android?

Many thanks to anyone who can point me in the right direction.

One other thing, the Identity manager logs have NOTHING regarding any
authentication failure (that I can see) when this 401 error occurs, but
I guess I could be wrong.

rcrossco_1's Profile: https://forums.netiq.com/member.php?userid=10872
View this thread: https://forums.netiq.com/showthread.php?t=54626