Forum Discussion
JoeTheFifth
Altostratus
AltostratusAPM LoginAsAnotherUser SharePoint KCD issue
I'm having a pecular issue here. I have APM in front of a sharepoint farm. Users in non trusted domains are redirected to a forms page. Trusted domains users bypass APM and go to the sharepoint site (ACCESS::disable) I added the loginasanotheruser option and now this happens:
On a non trusted domain computer :
- Loginasanotheruser request
- User is redirected the apm login page
- User is presented with an AD or Forms login (decision step)
- user chooses AD and enters a different user name and chooses a domain.
- APM authenticates the user and does constrained delegation
- User is logs to the SharePoint with the correct username (the one entered in the logon page).
Now on a trusted domain computer:
- Loginasanotheruser request
- user is redirected the apm login page
- user is presented with an AD or Forms login (decision step)
- user chooses AD and enters a different user name and chooses a domain.
- APM authenticates the user (apm logs) but connection to SharePoint uses the windows session user name, meaning the username of the guy logged on the the computer.
I just started trying to figure out what's happening and why APM does not trigger the KCD step in this case and I wanted to just post this here quickly before burning too much fuel on it :-)
2 Replies
JoeTheFifthOK found it. I was using an ACCESS::disable in a condition which disables the apm in the middle of the policy evaluation.
- boneyard
MVP
thanks for letting us know.
