I have a realm with two authentican servers configured, the 1st one is LDAP and the 2nd one is a Radius Server. All users are able to autenticate without any issues on this realm unless they have a certificate token in one of their usb port.
If they have a token insterted, when Network Connect launches (after the secondary authentication with Radius), the user is prompted to select a certificate from his certificate list. He selects whatever certificate and after a certain delay he's able to use his full access.
Checking the logs on my secure access, I can see that after my configured authentications, the secure access tries to authenticate the user based on certificate as well, and of course it fails. This step is not there if the user doesn't have a certificate inserted in his usb ports.
Anyone knows how can I disable this check, and make the Secure access ignore the user usb port for this particular realm?
Do you have a certificate requirement enabled under authentication policy at the realm level?
Thank you for your post.
I do not have any certificate limits. The following radio button is checked :
Allow all users (no client-side certificate required)
Also, it asks the user for certificate when Network Connect launches and only if a certificate card is inserted in his workstation, otherwise it doesn't ask for anything and it launches with no issues whatsoever.
That the user gets prompted only when the certificate store is available but can get access regardless suggests something set to evalute a certificate but not require it. Possibly a Host Checker rule?
Still looking for answers, no Host Checker, not a single limitation in realm configuration. Also I emphasize the fact that if there's no certificate store, the user has no access issue.