Symantec Access Management

  • 1.  Custom Error message for Cert Based Authentication

    Posted Jun 07, 2016 04:17 PM

    Hi,

     

    We have a cert or form based authentication schema configured for one of the SSO applications. This has to be changed to Cert only so that no user is prompted for a Forms based authentication page.

     

    I have created the Cert Only Authentication schema and added it to the realm. Now when I try to access the URL, it prompts me for the Certificate and upon selection, shows me the following error message.

     

    "The page isn't redirecting properly"

     

    We have a filter set for the user directory where a user whose title is set as store should not be allowed to access the Forms based authentication. We do not want to alter this filter and would want the user to authenticate only using the certificate with the title set as store and not using forms.

     

    Can this be achieved?



  • 2.  Re: Custom Error message for Cert Based Authentication
    Best Answer

    Posted Jun 08, 2016 01:19 AM

    Hi,

    It seems two questions are asked in this thread.

    1st question:

    "The page isn't redirecting properly"

    Do you expect to see the message after selecting the certificate? If not, any idea why it showed the above message?

     

    2nd question:

    filter set for the user directory where a user whose title is set as store should not be allowed to access the Forms based authentication

    R: My understanding is that a user with title store needs to be challenged by Cert authentication only.

    Other users are challenged by Cert or Form based authentication.

    If my understanding is correct, then my response is as below.

    The resource is protected by an authentication scheme. This means which authentication scheme is triggered is based on which resource you access.

    If the protected resource is at the same URI, then out of the box SiteMinder cannot achieve what you intended.

    A custom authentication scheme might be able to achieve your objective. You would need to engage CA Services if a custom authentication scheme is needed.

     

    Regards,

    Kar Meng



  • 3.  Re: Custom Error message for Cert Based Authentication

    Posted Jun 08, 2016 10:10 AM

    Kevin

     

    There are two issues here.

     

    Issue-1: After we selected the certificate when challenged by the certificate authentication scheme, did we check the logs to see if the authentication and authorization succeeded with the filter as is in the User Directory? There is no mention of this investigation in the thread. This is the foremost task to be undertaken and verified. Once we ascertain that every action on the Policy Server, i.e. IsAuthenticated and IsAuthorized, has succeeded and the SMSession is generated, we then move on to the next step of looking at browser behaviour. Please confirm what has occurred here.

     

    Issue-2: The page isn't redirecting properly. Try running a Fiddler trace OR an HTTP Watch OR ieHTTPHeaders tool. See the browser redirection. This would probably hint at what is occurring, if Issue-1 is all success.

     

    Regards

     

    Hubert
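
The trace check suggested under Issue-2, as an added example that is not part of any post in this thread: it walks a redirect chain taken from a trace exported in HAR format, reports where the chain loops, and notes whether a session cookie was ever set. It assumes the session cookie is named SMSESSION; the host, paths and cookie values are constructed placeholders.

```python
from urllib.parse import urljoin

SESSION_COOKIE = "SMSESSION"  # assumption: session cookie name used by the deployment

def entry(url, status, location="", cookies=()):
    """Build a minimal HAR-shaped entry (helper for the constructed samples)."""
    return {"request": {"url": url},
            "response": {"status": status, "redirectURL": location,
                         "cookies": [{"name": n, "value": v} for n, v in cookies]}}

# Constructed trace (not from the thread): the protected URL and the cert
# challenge URL keep bouncing the browser between each other.
HOST = "https://app.example.test"
SAMPLE_LOOP = [
    entry(HOST + "/store/", 302, "/certlogin/redirect?TARGET=/store/"),
    entry(HOST + "/certlogin/redirect?TARGET=/store/", 302, "/store/"),
    entry(HOST + "/store/", 302, "/certlogin/redirect?TARGET=/store/"),
    entry(HOST + "/certlogin/redirect?TARGET=/store/", 302, "/store/"),
]

def analyze_redirects(entries):
    """Return the redirect chain, the first URL that repeats, and cookie status."""
    seen, chain = {}, []
    result = {"loop_at": None, "loop_length": 0, "session_set": False, "chain": chain}
    for i, e in enumerate(entries):
        url, resp = e["request"]["url"], e["response"]
        chain.append((resp["status"], url))
        seen.setdefault(url, i)
        # A non-empty session cookie means a session was issued at this hop.
        if any(c["name"].upper() == SESSION_COOKIE and c["value"]
               for c in resp["cookies"]):
            result["session_set"] = True
        if not (300 <= resp["status"] < 400 and resp["redirectURL"]):
            break  # chain ended with a non-redirect response
        target = urljoin(url, resp["redirectURL"])  # Location may be relative
        if result["loop_at"] is None and target in seen:
            result["loop_at"] = target
            result["loop_length"] = i - seen[target] + 1
    return result

if __name__ == "__main__":
    report = analyze_redirects(SAMPLE_LOOP)
    for status, url in report["chain"]:
        print(status, url)
    print("loop at:", report["loop_at"], "hops in loop:", report["loop_length"])
    # No session cookie anywhere in a looping chain points back to Issue-1:
    # check the Policy Server logs for the authentication/authorization result.
    print("session cookie set:", report["session_set"])
```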