cancel
Showing results for 
Search instead for 
Did you mean: 

Network Connect asks the user to choose a certificate if he has a PKI Token in his USB

spanudiez_
Occasional Contributor

Network Connect asks the user to choose a certificate if he has a PKI Token in his USB

Hello,

 

I have a realm with two authentican servers configured, the 1st one is LDAP and the 2nd one is a Radius Server. All users are able to autenticate without any issues on this realm unless they have a certificate token in one of their usb port.

 

If they have a token insterted, when Network Connect launches (after the secondary authentication with Radius), the user is prompted to select a certificate from his certificate list. He selects whatever certificate and after a certain delay he's able to use his full access.

 

Checking the logs on my secure access, I can see that after my configured authentications, the secure access tries to authenticate the user based on certificate as well, and of course it fails. This step is not there if the user doesn't have a certificate inserted in his usb ports.

 

Anyone knows how can I disable this check, and make the Secure access ignore the user usb port for this particular realm?

 

Thanks,

Diez

4 REPLIES 4
braker_
Frequent Contributor

Re: Network Connect asks the user to choose a certificate if he has a PKI Token in his USB

Do you have a certificate requirement enabled under authentication policy at the realm level?

spanudiez_
Occasional Contributor

Re: Network Connect asks the user to choose a certificate if he has a PKI Token in his USB

Hi Braker,

 

Thank you for your post.

 

I do not have any certificate limits. The following radio button is checked :

Allow all users (no client-side certificate required)

 

Also, it asks the user for certificate when Network Connect launches and only if a certificate card is inserted in his workstation, otherwise it doesn't ask for anything and it launches with no issues whatsoever.

 

Diez

braker_
Frequent Contributor

Re: Network Connect asks the user to choose a certificate if he has a PKI Token in his USB

That the user gets prompted only when the certificate store is available but can get access regardless suggests something set to evalute a certificate but not require it. Possibly a Host Checker rule?

spanudiez_
Occasional Contributor

Re: Network Connect asks the user to choose a certificate if he has a PKI Token in his USB

Still looking for answers, no Host Checker, not a single limitation in realm configuration. Also I emphasize the fact that if there's no certificate store, the user has no access issue.