Hi, we're running a R12.50 environment and have an application that's utilizing a "Cert OR Forms" authentication scheme. The auth scheme is running on IIS 7.5 webservers with a R12.5 CR004 webagent. When we logon to the site with the browser that has our client cert configured, we authenticate fine with our client cert and access the site without issue. If the user is using a browser without our configured client certificate, the user is redirected to the forms based login page and after submitting credentials, the user logs in as expected as well. Both scenarios function as expected.
What we've noticed recently is after a certain period of time (not necessarily hitting the max or idle timeout periods), any refresh of the site (using the same browser window) causes the browser to redirect the user to the forms based login page instead of processing the user's client certificate and letting the user back into the site. There doesn't seem to be any consistency in the matter, as even if the user's session has hit max or idle timeout, the user should never be redirected to the forms based login page.
We initially thought the user may be hitting different siteminder protected sites with different tabs that may be skewing the session, but we've tested this with only one browser and one tab open and the issue appears. If we close the browser, open a new browser, wait the same amount of time, the issue may or may not appear.
Anyone ever seen something similar or have any ideas on what may be tripping up the certifcate authentication?