I have a strange issue.
I have one realm protected by webagent1 with an HTML Form authentication scheme with Authentication level 5.
I have another realm protected by webagent2 with an HTML Form authentication scheme with Authentication level 6.
I go to realm1 and it shows me the form and I log in.
I go to realm2, and it doesn't challenge me, it logs me in automatically.
Is there any other configuration necessary other than the auth level in the auth scheme to force the user to login again?
It looks like your configuration is attaining SMSession with AuthLevel-6 when you are trying to access Authlevel-5. Hence not getting challenged.
Are you using the same HTML Forms Authentication Scheme and/or are you using the same HTML Forms Login Page?
Both HTML Forms Authentication Scheme and Login Page need to be different, with TARGET being different too.
Authentication Level 5.
Realm : /authlevel5/*
HTML Forms Login Page : /siteminderagent/forms/auth5login.fcc
Target in Login Page : /authlevel5/landing/html
Authentication Level 6.
Realm : /authlevel6/*
HTML Forms Login Page : /siteminderagent/forms/auth6login.fcc
Target in Login Page : /authlevel6/landing/html
Have you verified from the smaccess log, when the user gets authenticated, what protection level is being assigned to the SMSESSION?
Could you provide a snippet of the smaccess.log for your use case?
But, generally speaking, the user should ALWAYS be challenged if moving from a lower to a higher authentication level. No additional configuration is required.
Okay, I resolved this.
There is a minimum authentication level in the partnership as well. That also has to be bumped up. I hadn't seen that.
Once I bumped that up, I get challenged again.
Thanks a lot for your suggestions as usual. You guys are awesome!