cancel
Showing results for 
Search instead for 
Did you mean: 

End session if authentication against this server fails

fild_
Occasional Contributor

End session if authentication against this server fails

Hallo,

I can uncheck the "End session if authentication against this server fails" option in realm definition. I think that the behaviour of this option chnged from version 6.5. to 7.1.

in 6.5. when you dont type any password, SA will log you in, but you will have a bad login on secondary auth server.

in 7.1. when you dont type any password, SA will not log you in with an error: Secondary auth failed but I dont have any bad login on secundary auth server. That is because i have a password lenght restriction to 4 digits. The same I have on 6.5. as well.

So what I want, and what I think should be the best: when I enter zero secondary password, there will be no communication to the auth server (password restriction), but I should be able to login beceause I have not checked the "End session if authentication against this server fails" option.

am I right? or wrong? please respond.

I need this funkcionality to be able to deploy only one sign-in page for 2 types of users. with and without secondary authentication....

3 REPLIES 3
fild_
Occasional Contributor

Re: End session if authentication against this server fails

When you enter zero password in second authentication and minimum password length is 4, then the authentication fail. But you don't want to "End session if authentication against this server fails". The session should continue...



DementedSmurf_
Occasional Contributor

Re: End session if authentication against this server fails

Yes... finally someone else who thinks the same way as me on this one.

I had to give up in the end and resort to two realms which i didnt want to do!




Nice to know im not alone Smiley Happy





---------------
SA2500 x 2
zanyterp_
Respected Contributor

Re: End session if authentication against this server fails

I think this is working as expected; I'm not sure how it was working in 6.5.

Even if you don't pass authentication, you should be providing some attempt to login.....but you should open a JTAC case for further investigation with policy trace and snapshots for each scenario (6.5, 7.1 with the option enabled, and 7.1 with the option disabled). It is possible there was an unexpected change and those are the minimum logs needed for investigation.