Symantec Access Management

  • 1.  Why Basic Authentication works but Client Certificate or HTML Forms Authentication Scheme does not?

    Posted May 16, 2015 12:59 AM

    My policy server is 12.52SP1. I'm using Siteminder Agent for SharePoint 2010 12.52SP1. If I set the authentication scheme to "Certificate or Form", I get a 302 redirect to an HTML form page when I do not use a smart card with a certificate to log in. I key in the correct user ID and password in the form and submit it. However, the form reloads itself and asks for user credentials again. When I look at the policy server log, I can see that the person is authenticated and authorized. However, in my web agent trace log, I see things like smNoAction and an agent exit message. If I change the authentication scheme to basic authentication, then everything works perfectly.

     

    Does anyone know what is causing this issue and how I can fix it?

     

    Thanks!

    Kok Keong



  • 2.  Re: Why Basic Authentication works but Client Certificate or HTML Forms Authentication Scheme does not?

    Posted May 18, 2015 06:50 AM

    Hello Kok Keong,

     

    You may check the following tech doc:

     

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec509284.aspx

     

    The siteminder certoptional virtual directory may require a certificate.

    You may check the exact error in the Event Viewer or by activating Failed Request Tracing if you are using IIS 7.5.

     

    Hope it helps,

    Julien.



  • 3.  Re: Why Basic Authentication works but Client Certificate or HTML Forms Authentication Scheme does not?

    Posted May 21, 2015 07:21 AM

    Updates: Looking at the web agent trace log and using Fiddler, I discovered something peculiar:

     

    • user accesses the SharePoint site

    • user is redirected to the SiteMinder login page

    • user is redirected back to SharePoint after being authenticated by SiteMinder (I can see the cookie inside Fiddler, and the policy server's log file indicates that the person is authenticated)

    • user is redirected right back to SiteMinder again


    I even increased the validity duration to 14430 sec, but SharePoint is still redirecting me to the SiteMinder login form.

     

    Online blogs/forums suggested setting the LogonTokenCacheExpirationWindow to 1 minute, but this does not solve my problem either.

     

    Does anyone have any insight on solving this issue?

     

     

    Thanks!



  • 4.  Re: Why Basic Authentication works but Client Certificate or HTML Forms Authentication Scheme does not?

    Posted May 26, 2015 01:23 PM

    Figured out that the issue is with the FIPS mode. We are able to log in via the HTML Forms Authentication Scheme after changing the FIPS mode to "compatibility" in smhost.conf.

     

    However, the client certificate authentication scheme still doesn't work. The browser (IE) will be forever in loading mode and nothing is displayed. Does anyone have any idea why this is so?