Hi Daniel,

Thanks for your response.  I double checked and I did have 1.2 enabled, but I also had 1.1.  As a test I just removed all options except for 1.2, restarted and tested again with the same result.  So now the server.xml looks like this:

sslProtocols="TLSv1.2"
sslEnabledProtocols="TLSv1.2"

Is there a particular cipher set I should be using as well or something else I can look at?  I have the following enabled:

ciphers="TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_SHA"

Thanks,

-Kevin

Hi Kevin,

When you are talking about CAS plugin, are you referring to some kind of single-sign on infrastructure that if set up for that confluence instance? (such as JASIG CAS?)

This error indicates that the mobile app cannot connect to /server-info.action on the confluence server instance. One of the reasons this might happen is that there is a catch-all filter (with url-pattern /*) added to confluence in web.xml that intercepts calls to all urls (including /server-info.action) and causes a redirect to some authentication page/mechanism. Unfortunately this breaks the mobile app as the app needs to access information from that url before being able to continue with the login process.

Do you know if there is any filter added to the web.xml for confluence that could cause this?

Looking forward to your reply,

-Sven 

Hi Sven,

You called it.   Yes the CAS plugin is for performing single sign on.  We are using an old CAS client since no one really supports CAS and Confluence.  You are also correct that there are filters in the web.xml mapping "/*" .  Do you know what the full path to "/server-info.action" is?  I tried hitting that while authenticated and I get a broken link.  Maybe I can add an exception to the filter to allow this url.  

Are you aware of any SSO plugins that would still allow us to use the mobile app out of the box?  I see there are a few SAML addons. 

Thanks again for your time and information!

-Kevin

Hi Kevin,

The server-info.action is queried from the root of the app deployment context. So, for example, if the full path to your confluence is https://some.host/confluence, then the full path to server-info.action would be https://some.host/confluence/server-info.action.

The mobile app does a HTTP HEAD call to that url and expects to see "mobile-plugin-enabled: true" as well as other "mobile-" related info in the response headers. Note that it is expected for the request itself to return a 404.

Let me know if this helped, 

-Sven

As for the second question - I have personal experience with the resolution.de authored SAML plugin. Worked well with ADFS! The other SAML offerings from other vendors are pretty similar. Atlassian also natively supports SAML in the Data Center offering of Confluence if that winds up being something you consider.

Thanks Sven and Daniel, I appreciate both responses.  I'm going to attempt to write a filter to exclude /server-info.action head requests or see if I can find the source to the original CAS filter and add the exception there.  If that doesn't work out I'll definitely check out the SAML plugin.   Have a great day.

-Kevin