Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Windows 2003 server with Active Directory and Kerberos services enabled
Windows 7 clients with IE8
Access Manager 3.1.1-265 (3.1 SP1 IR3a) not allowing us use Kerberos as a passthru for authentication. Whenever we try to access a protected resource using IE8 (in Win7) or IE7 (in WinXP Pro) with the KB 974455
security patch installed, we are being prompted to enter our credentials. If we uninstall the security patch, IE7 starts to function properly again but IE8 on Windows 7 does not.
Note: If the key "SuppressExtendedProtection"does not exist, create a Key named "SuppressExtendedProtection"with a DWORD [in Windows 2K8 DWORD (32 bit)] value of 0x02
2) Ensure "Enable Integrated Windows Authentication" is enabled (Tools -> Internet Options -> Advanced Tab).
3) Ensure the IDP DNS Name or URL is added to the Local Intranet section. (Tools -> Internet Options -> Security Tab -> click Local Intranet -> Sites -> Advanced -> Add Service Provider URL e.g. https://idp126.lab.novell.com/
) (Needed in cases where the Service Provider domains and the AD/Client Domains are NOT the same) (Would not work if Domain Name / URL were added to the Trusted Sites section -> Local Intranet should be set for it to work).
The changes to the client required to bypass the Kerberos issues caused by the security update may be fixed in JVM 1.6 update 19:
Will include this in 3.1 SP3 when available.