cancel
Showing results for 
Search instead for 
Did you mean: 

trouble with login after this weekend's changes

RafkeMagic
Active Contributor
0 Kudos
141

Hi,

I'm currently working remotely for one of my clients (so via VPN). Since they have rather strict internet policies, I actually get online via the BO server (just a work around). I also use the same server to connect to other sites, such as my webmail and the Service Marketplace. For the latter I had saved a logon certificate with the customers S-id (so not my personal one) so I'm able to create OSS messages on their behalf. I use Chrome (Version 31.0.1650.57 m) on that server, because it's (a lot) faster than IE.

Now, up until last week I used to be able to logon without that certificate, by cancelling the proposed logon via certificate popup and then entering my own credentials in the logon screen. This is no longer possible today?! It seems to only want to logon with the certificate (I don't even get the popup anymore), it immediately tries to logon with the customers S-id and then shows a message that an email has been sent to <customer emailaddress> (which actually no longer exists - I should notify them as well) to "activate" that account on SCN. However, this is not (at all) what they or I had in mind.

I have found a work around by using IE8 (extremely old version, I know, but it's the one installed -by default I guess- on that server and I don't have any rights to upgrade/update it), but it's quite cumbersome as I know have sessions open in both Chrome (my Webmail amongst others) and IE (SCN).

Could someone check whether this is actually linked to the changes you performed over the weekend? And if so, please "solve" this issue?

Cheers,

Raf

Accepted Solutions (1)

Accepted Solutions (1)

carpe_diem
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi, Raf,

Chrome takes the certificate installed in IE/Windows rather than having it's own certificate repoistory as Firefox does.

Can you check the following settings in the BO server that you use to connect to SCN:

1. IE->Tools->Internet Options->Content tab->Certificates->Personal.

Check if you have more than 1 user certificate installed. If there's more then 1 user certificate and they are all still valid (please check expiration date), then you should get a prompt for certificate during the auto-login process.

2.1 If there's only 1 certificate present or only 1 that is valid, then the cert prompt is determined by the following settings:

2.2  IE->Tools->Internet Options->Security: there are 3 zones, you'll have to check the following setting for each of them: Internet, Local Intranet, Trusted Sites.

2.3 For each of these zones click on Custom Level, scroll down just a tad more than half the list and locate the following settings "Don't prompt for client certificate selection when no certificates or only one certificate exists".

2.4 Make sure it's set to Disabled for all 3 zones. If not make the needed changes and save.

After you've done this please let us know if the issue is resolved.

RafkeMagic
Active Contributor
0 Kudos

Hey Vladimir,

thanks for your quick response (and sorry for my late answer)!

Actually, when I just logged on (again working via vpn for the same customer), it seemed to work as before, meaning I do get a popup with the certificate it (Chrome) wants to use to login which I then cancel to receive a normal login screen.

Anyways, I'll answer your questions as well for your reference:

1. only 1 certificate

2. it seems that setting was enabled for the local intranet, and correctly disable for the others - meanwhile I have disabled it for local intranet as well

So, I should be all set now. Thanks again for the quick & detailed response!

Cheers,

Raf

Answers (1)

Answers (1)

JasonLax
Product and Topic Expert
Product and Topic Expert
0 Kudos

Our IT team is looking into this.

Auto-login still works: As workaround, use “New incognito window” in Chrome or “New private window” in Mozilla and decline certificate there.

RafkeMagic
Active Contributor
0 Kudos

Thx, Jason!