Forum Discussion
Daniel_W__13795
Nimbostratus
NimbostratusKerberos 401 authentication with form fallback
Hello,
we are using APM for SAML authentication. Domain joined machines should authenticate transparently with Kerberos, users without the ability to use Kerberos (non domain joined, Firefox wit...
bradhanson
Altocumulus
Altocumulusbumping this as it has been a while since there was activity.. but we are running into the same problem and are on version 14.
Why would APM 401 decide to issue this message "Authentication required to access the resources." and STOP the entire policy evaluation??
It should exit on 'fallback' and provide the access policy to continue and decide what to do..
Other things mentioned (to do some tests BEFORE issuing the 401) seem to be nothing more than a workaround to not get stuck on the 401 and it's ABORT of the policy.
This just makes something that should be so simple very very complicated ... simple .. negotiate/Kerberos fail.. go to fallback.. let the policy issue a login form.
I set to basic+negotiate and it will follow the basic path for the user but we don't want to issue the basic credentials box.. We want to issue the login form if it isn't able to authenticate using Kerberos.
Before I open a case with support, I am seeing if there are some others who have gone down this path and any other advise.
Much appreciated!!!