×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

 

This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.
BMC Atrium Single Sign-On 9.0 ... Troubleshooting Troubleshooting Kerberos authentication

Chained authentication failure in Microsoft Internet Explorer

When Kerberos is chained together with LDAP or AR System for authentication and you try to log on to BMC Atrium SSO Console in Microsoft Internet Explorer (IE) browser, the authentication fails. You can detect the issue by removing the Kerberos module from the authentication chain. The authentication works correctly when Kerberos is removed.

Resolution

You might face this issue due to an optimization feature that Microsoft added to IE that causes IE to not send user-entered credentials to the BMC Atrium Single Sign-On server. When you disable this optimization, the credentials are sent and the user is successfully authenticated. 

Note

You can also avoid this issue by using Mozilla Firefox or other compatible browsers.

To resolve this issue from the client side

  1. Use the Registry Editor (Regedt32.exe) to add a value to the following registry key:
    HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/

    Note

    The registry key shown here is one path; it has been wrapped for readability.

  2. Add the following information for the new registry value:

    Value Name: DisableNTLMPreAuth
    Data Type: REG_DWORD
    Value: 1

For more information about disabling the optimization feature, refer to the knowledge base (KB) article from Microsoft, You cannot post data to a non-NTLM-authenticated Web site.

Note

You should ignore the instructions about disabling Kerberos or Integrated Windows Authentication mentioned in the KB article.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Abhay Chokshi on Jan 14, 2014

Comments

Log in or register to comment.

Clock skew too great for Kerberos authentication
Using the krb5.conf file
© Copyright 2024 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.