You need a phone that can be updated to a more recent Android version.
2 Likes
Ha! Indeed I had missed it since I have not a Samsung phone. I tested the SSLLabs on Libreho.st and changed the server configuration to add ssl_ecdh_curve prime256v1;… No change, but…
I finally solved the mystery! It was a matter of TLS + SNI (and indeed @Falco’s tip was useful).
Edit: I also had to bump proxy_buffer_size on the frontend to make SAML login work with the mobile. Hackety hackety hack!
5 Likes