Environment
NetIQ Access Manager 4.2
NetIQ Access Manager 4.3
NetIQ Access Manager 4.3
Situation
Access Manager 4.1 setup and working well. Upgraded all components to Access Manager 4.2 without error. However, users that were authenticating via Kerberos from outside the domain would fallback to a name/password fallback method and all branding would be lost on the page. These 'external' clients would have "Windows Integrated Authentication" disabled on IE browser, and a login form would be displayed but with a simple form asking for username/password and no default branding.
We can get around this by adding the JSP property to fallback to a JSP page that includes all branding in it but did not have to do this with 4.1.
We can get around this by adding the JSP property to fallback to a JSP page that includes all branding in it but did not have to do this with 4.1.
Resolution
Apply 4.2.3 - this will fallback to the default branding as expected. If JSP property exists on fallback method, that will continue to get displayed as before.