0 votes

I tested Automatic Login without SSL and it worked fine, but with SSL the Web Interface throws Access Denied error the first time I browser the URL.

However, on entering User Id and Password it works.

Has anyone faced a similar issue? Is there any specific configuration required for making Single SignOn work with SSL?

by (730 points)
0

Hello,

The main reason for the issue is that, for some reason, the users cannot authenticate in Adaxes Web Interface using the Kerberos authentication mechanism when connecting via SSL.

To help us troubleshoot the Kerberos issue, can you answer the following questions:

  • When accessing the Web Interface via HTTP and when accessing via HTTPS, do you use the same host name in the Web Interface URL, or are these different names? For example, these can be different DNS records for the same computer.
  • When accessing the Web Interface via SSL, do you use the Fully Qualified Domain Name (FQDN) for the computer or a certain DNS alias?
0

It is the same host name for both URLs, in fact, it is the same URL except for the Scheme. I am using the fully qualified domain name.

However, I am using a self signed SSL certificate, since this URL is only available on the intranet. Could this be causing the issue?

1 Answer

0 votes
by (216k points)

Hello,

To resolve the issue, you may try to register a Service Principal Name (SPN) for HTTPS connections on the computer where Adaxes Web Interface is installed. To do this, you need to run the following command line on the computer:

setspn -s https/<fqdn> <netbiosname>

where

  • <fqdn> - the FQDN of the computer where your Adaxes Web Interface is installed,
  • <netbiosname> - the NetBIOS name of that computer.
0

Thanks, it worked. It was a problem with the SPN configuration for Kerberos and https

0

I'm having the same problem, but my web interface and SSL certificate is different from the computer name. What do I need to do to resolve this?

computer FQDN: mitkuscfln89.mii.com
web interface: https://admgmt.mii.com/

0

Hello,

Run the following command line on the computer where your Web Interface is installed:

setspn -s https/<dns_alias> <netbiosname>

where

  • <dns_alias> - the DNS alias of that computer,
  • <netbiosname> - the NetBIOS name of that computer.

Related questions

0 votes
1 answer

Hi, we are running Adaxes on a MS Server 2008 R2 with IIS 7.5 and we wanted to enable Automatic Login for the self-service part. We did it exactly the way like ... forrest, consisting out of three domains, where the Adaxes server is placed in the root domain.

asked Sep 13, 2013 by ijacob (960 points)
0 votes
1 answer

Hi Team I need some assitance with creating a report to pull from exchange online all user mailboxes that have automatic replies enabled. I have been attempting to use ... Where-Object { $_.AutoReplyState -ne "Disabled" } | Select Identity, StartTime, EndTime

asked Aug 25, 2021 by Richard_NRL (90 points)
0 votes
1 answer

Hi, We are getting intermittent problems with 2 exchange powershell commands. All the over commands work fine [08/07/2014 19:45:54] Get-CalendarProcessing -Identity "CN=46010248, ... this? I've tried running the command on the mdcexch5r and there is no error.

asked Aug 7, 2014 by darryl82 (40 points)
0 votes
0 answers

Hi Evryone, I am trying to set up an external portal within a new webserver on dmz, and with only access to a webservice created from selfservice. The new webservice is only ... login, only reset password. What I am mising there that its not working? Thanks,

asked Nov 26, 2021 by yagoityd (20 points)
0 votes
1 answer

We have multiple secondary domains that are being managed by Adaxes. Everything seems to be working except self service portal login. We tested with our other secondary domains and those ... other than sign failed. What else can I look at to figure this out?

asked Aug 21, 2020 by mark.it.admin (2.3k points)
3,326 questions
3,026 answers
7,727 comments
544,678 users