1.    Overview


XenMobile AppController along with WorxHome client can do a Single Sign-on to Sharefile mobile app. In this configuration, a user logging on to Sharefile using a web browser or other Sharefile clients is redirected to the XenMobile WorxHome for user authentication and SAML token. After successful authentication by XenMobile, the user receives a SAML token that is valid for logon to their Sharefile account.

This document contains the list of steps that needs to be done in order to accomplish this. Below is the list of pre-requisites:

1. XenMobile 8.6.1 components (AppController 2.9)

2. MR1 version of MDX toolkit (i.e. build 2.3.372).

3. Below is the list of supported versions of Sharefile Mobile app.

  • Sharefile 2.1.5 for iPAD
  • Sharefile 2.1.4 for iPhone
  • Sharefile 2.4 for Android Tablet
  • Sharefile 2.4 for Phone

4. WorxHome for iOS 8.6.1 and WorxHome for Android 8.6.1

5. Sharefile admin account.

2.     Configurations steps

  • Wrap both Android and iOS Sharefile Mobile app using XenMobile MR1 MDX toolkit.
  • Login to AppController Control point portal and navigate to Apps & Docs tab.

  • Upload both Android and iOS Sharefile mdx apps into AppController.
  • Configure the MDX policies for both Android and iOS as required.
  • From App & Docs tab select Sharefile and click on edit.

  • Enter Sharefile domain name and from the drop down select the role to which you want to assign this application. Enter Sharefile admin credentials and hit save. When you hit save AppController will talk to Sharefile application using the above information and will push the SAML SSO settings to Sharefile.
  • Note 1: If a new/existing user is added to this role (i.e. AD Group) and if he does not have a Sharefile account, AppController will do an auto-provisioning into Sharefile. For initial testing purpose it is advised to point it to a smaller group where you have few users and also make sure you have enough licenses in Sharefile as AppController will do an auto-provisioning of users who does not an have existing Sharefile account. Users who are part of this role will only have access to the application. 
  • Note 2: Make sure AppController is able to reach Sharefile by doing a ping test from AppController CLI. 
  • Login to Sharefile using admin account and verify SAML SSO settings.
  • Also make sure the time zone in Sharefile and AppController are same. If the AppController and Sharefile clock are significantly different, network latency may result in the SAML request being unauthorized because the SAML response generated by AppController will have a time value stamp within in which the SAML token should reach SP(Sharefile), if the time value does not match SSO might fails.
  • Login to AppController Admin portal using the following URL: https://<AppC IP>:4443/admin and select Manage Users from the View drop down.
  • Click on Apps tab and select Sharefile application, verify whether the user is reconciled or not. Reconciled users can only experience SSO to Sharefile either using Sharefile mobile app or using receiver for web. SSO will not work if the user is not reconciled.

3.     Validation of iOS/Android Sharefile MDX.

  • Configure WorxHome using the XenMobile Server URL (i.e. MDM or NetScaler Gateway URL)
  • Download and install appropriate version Sharefile MDX app from the WorxStore.
  • Launch Sharefile MDX app. It should do SSO to Sharefile without asking for login details

4.     Validation from WorxMail

  • Configure WorxHome using the XenMobile Server URL (i.e. MDM or NetScaler Gateway URL)
  • Download and install appropriate version of WorxMail MDX app from the WorxStore.
  • Configure WorxMail using your exchange credentials.
  • Click on compose New Email.
  • Enter recipient email address and click on attachments, select Attach from Sharefile. (Note: for Android you should have Sharefile MDX already installed on the device)
  • When you click on Attach from Sharefile it will do SSO to Sharefile and will show the files available in Sharefile.

5.     Validation from Receiver for Web.

  • Open up a web browser and type in the NetScaler Gateway URL.
  • Enter your credentials to login.
  • Click on Add apps and add Sharefile.
  • When you click on Sharefile, you will experience SSO.

Important Notes for SSO failure:

  • Use right versions of server and client components (Use XM 8.6.1 MR1 Components)
  • Time Zone in IDP(AppController) and SP (Sharefile) should be same.
  • Domain users should have email address in Active Directory, as SAML token will be prepared using the email address available in Active Directory and also Sharefile accepts only email address as username.
  • SSO might fail if the user is not reconciled in Sharefile Application. AppController might take 20- 30 mins to auto-provision a new user.
  • AppController and client device should be able to reach Sharefile.