Manager Web error when connecting over Application Server, using SSO (4374120)

Manager Web error when connecting over Application Server, using SSO

Errors:

2023-10-16 13:19:43.9065 ERROR (ObjectLog Global) : [810284] Failed to authenticate user.
[1205001] The current user could not be determined.
VI.Base.ViException: Failed to authenticate user. ---> VI.Base.ViException: The current user could not be determined.

However, if we disable "Anonymous authentication" in IIS, we get a different error:

2023-10-17 13:32:48.4266 ERROR (RequestHandler ) : Your session has expired. Log on again. 
VI.DB.Entities.SessionExpiredException: Your session has expired. Log on again. ---> ServiceStack.WebServiceException: Unauthorized

Conflicting errors, because:
-> The solution to "User could not be determined" error should be to disable anonym authentication.
-> The solution to "Your session has expired" error is to enable anonym authentication.

Occurs only when using SSO authentication.

Product Defect

WORKAROUND:

Authenticating the user with SSO Identity Manager Web through to Application Server (also using SSO) will require a Kerberos setup.
See this article for an example: https://blogs.msdn.microsoft.com/surajdixit/2018/02/07/kerberos-configuration-manager-for-internet-information-services-server/

STATUS:

This is known as Product Defect #36489 and has been addressed in Identity Manager version 9.0 LTS Cumulative Update 2.

36489