Known Issues

This section lists the current known limitations (and available workarounds) of the Banyan Platform.

(FD-182) “Device Certificate not provided” authentication error on certain types of Native Apps

Limitation:

Banyan relies on a Device Certificate - an X.509 certificate issued by a trusted Certificate Authority and placed in the device’s system keychain - to register a device. The Device Certificate can be installed by a Device Manager or when an end user installs the Banyan Desktop App or Mobile App. The Device Certificate is then transparently checked when your end user authenticates via your Enterprise Identity Provider to access a Banyan-secured Application or Service.

Some Native Apps are “sandboxed” or do not correctly access the system keychain that contains the Device Certificate. When an end user authenticates via such a Native App, Banyan treats the request as coming from an “Unregistered Device” and rejects the authentication request with a “Device Certificate not provided” message.

This issue is commonly seen on iOS and macOS Native Apps (such as Microsoft OneDrive or Salesforce CRM App).

Banyan Components:

Desktop App, Mobile App

Workaround:

You can enable Device Trust Verification for your organization. This early preview feature uses a modified authentication flow wherein the end user is presented with a challenge code when attempting to access a Banyan-protected service from a Sandboxed App.

The end user must copy the challenge code and submit it via the Device Trust Verification tab in their Banyan App (desktop or mobile) to verify the device. After submitting the challenge code and verifying their device, the end user returns to the Sandboxed App to authenticate with the IDP and access the Banyan-protected service. Banyan’s Device Trust Verification capability allows Device Roles and TrustScoring-based policies for Sandboxed Apps.


(FD-785) Device TrustScore Limitations for Linux-RPM

Limitation:

The Linux-RPM version of the Desktop App does not currently support TrustScoring for up-to-date OS or Org Preferred Apps.

Banyan Components:

Desktop App

Workaround:

We are actively improving support for Fedora-based Linux distributions.


(FD-1216) JavaScript Errors for Apple M1 Devices Running Big Sur

Limitation:

Apple M1 Devices running Big Sur are currently experiencing JavaScript errors (EFAULT) unrelated to Banyan or the Banyan Desktop App. Although this issue does not currently impact device registration, access to services, or other Banyan-related activities, it may lead to end user confusion.

Banyan Components:

n/a

Workaround:

Although usage is not impacted and there is no standard workaround, we will keep an eye on the Apple M1 problem and will develop improvements accordingly.


Fixed Issues


(Fixed in r.3.12) Banyan MobileApp Does Not Support Role-based OTP Exemption


(FD-122, Fixed in r.2.50) Source IP Exceptions in Policy will not work with Services that require SNI


(FD-757, Fixed in r2.30) Target Parameter when Specifying OIDC Exemptions


(FD-212, Fixed in r2.11) HTTP to HTTPS Redirection


(FD-467, Fixed in r2.10) OIDC Path Exemptions


(FD-294, Fixed in r2.5) SAML Admin Capabilities

Last modified: Mar 18, 2021