-
Titel
Certificate Authentication using the override URL does not work when a default authentication provider is enabled -
Beschreibung
Certificate Authentication does not work when using the override URLs if SPP is configured with a default Authentication provider.
In SPP versions older than 8.0 LTS, this option was configured by enabling the ForceAsDefault option via the Core API (POST /v4/AuthenticationProviders/{id}/ForceAsDefault) endpoint.
Staring in SPP version 8.0 or above, enabling a default authentication provider for login can be configured in the SPP Web UI > Appliance Management > Safeguard Access > Identity and authentication
If a default provider is set and users need to log in with a different authentication provider (for example, certificate authentication provider) then an override URL would be required such as the override URLs below but in this case, the following override URLs do not work as no certificate prompt appears for selection in this case:
https://{SPP_Hostname_or_IP}/RSTS/Login?response_type=token&redirect_uri=https%3A%2F%2F{SPP_Hostname_or_IP}%2F&primaryProviderID=Certificateor
https://{SPP_Hostname_or_IP}/?newLogin=certificate -
Lösung
STATUS:
Change Request # 494432 was submitted to address this issue in a future release of SPP subject to successful QA and Product Management approval.
WORKAROUND:
Clear the ForceAsDefault flag via Core API by calling the POST /v4/AuthenticationProviders/ClearDefault
or
In SPP 8.0 LTS and higher, clear the default provider in the Web UI > Appliance Management > Safeguard Access > Identity and authentication > Default Provider options icon > Clear Default
Note: The workaround will change the login behavior for all users back to the original login selection.
-
Änderungsanforderung
494432