On-Demand certificate authentication
On-Demand certificate authentication
i have an apm policy that use On-Demand certificate authentication (smartcard)
win8,10 are always authenticate without problem with ie11 or chrome. some windows 7 sp1 clients can authenticate and some even do not get prompt of certificate. the same win7 computers with the same smartcard can authenticate to other sites that request smartcard.
this is the log from the apm event log: Access_Profile=/Access/Com_Auth_Apps_Portal;Partition=Access;Session_ID=b64a0179;Client_IP=100.219.226.2;State=Tel Aviv;Country=IL;Continent=AS;Virtual_IP=172.126.50.12;Listener=/Access/Portal_Com_VS;Reputation=Unknown;" Access_Profile=/Access/Com_Auth_Apps_Portal;Partition=Access;Session_Id=b64a0179;Policy_Rule_Caption=fallback;Current_Node=On-Demand Cert Auth;Next_Node=Deny;" Access/Com_Auth_Apps_Portal;Partition=Access;Session_Id=b64a0179;Access_Policy_Result=Logon_Deny;" Client_Hostname=;Client_Type=IE;Client_Version=11;Client_Platform=Win7;Client_CPU=WOW64;Client_UI_Mode=Full;Client_JS_Support=1;Client_Activex_Support=1;Client_Plugin_Support=0;"
i thought of windows updates and tried to compare updates from computer that work vs not working ,there were a lot of updates that do not exist in the working win7 computer . i tried to remove some without luck. maybe someone know if there is a know issue about this problem? maybe it is a cipher issue in the ssl client profile?
any help will be appriciated.
Thanks,
Aviv Hassidim