Attempts to SETUP SMART CARD (CAC/PKI) USER AUTHENTICATION

I have been attempting to setup my SolarWinds server to do CAC/PKI log in. I have followed the instructions in the document SETUP SMART CARD (CAC/PKI) USER AUTHENTICATION FOR ORION WEB CONSOLE. I was able to do everything and then when I reach the point where I do the SSL settings, I require SSL and require client certificates I start having problems. When I log in using the FQDN, I get the pop up verifying my CAC info and to put in my PIN. As soon as I go through that, it fails and I get an HTTP 403 error. If I use Accept client certificates, it goes through the authentication multiple times and when I ignore, it will verify against my CAC, then I will still have to log in. Once I am in, after about 5 minutes of inactivity, the page drops and I have to log in again. At this point, I have to close the browser to clear the cache and then try to re-access the site. Does anyone have any ideas? The only roll back is that I to not require SSL and then I can log in normally again.

Windows Server 2012 R2

16 GB memory

8 CPU cores

60 GB disk drive (OS)

100 GB data drive (SolarWinds)

Browser being used is Windows Edge

Tags (2)
0 Kudos
Reply

Does anyone know if this was resolved?  We are experience the Timeout issue randomly with CAC setup.

0 Kudos
Reply
Product Manager
Product Manager

This issue is resolved in the latest hotfix for Orion Platform 2017.3. The fix was also included in Orion Platform 2018.2.

0 Kudos
Reply

I reviewed the notes on the hot fix but there is no mention of this issue or it being fixed.  Do we have confirmation that the latest actually fixes it?

Thanks!

0 Kudos
Reply

Do we know if this is still an issue?  I am also trying to use CAC Authentication and having very similar issues. 

sean.martinez​?

0 Kudos
Reply

I haven't had much time with the current version of Orion Core 2017.3 and Smart Cards with all of my current travel.

I would first see if it was affecting all Smart Cards, or the newer 256 bit cards. I have seen Internet Explorer, and Firefox work more consistently than Edge.

If its not working, please submit a Support Case and let me know the ticket number to keep tabs.

0 Kudos
Reply

I have a support case #1195471 with what looks to be like multiple cases that is assigned to a application developer (?). These problems have affected my installation before moving to NPM 12.2 and NCM 7.7. I am still trying to working with support to resolve this issue. Hope this helps. It has gotten worse after I configure it to use the CAC, I have to accept/choose my certificate multiple times (as many as 😎 before I put in my PIN, then before I can move to the step to modify the log in method, I get a session timeout as soon as the home page is displayed. Edge is the worse at this. At least IE only makes me choose my certificate twice, but I still get a session timeout error. I can't use Firefox, because I don't have the .dll file to complete the configuration. I also made sure that the antivirus was turned off to isolate the problem.

In the meantime, I will just keep working on it with support to resolve the problem.

Product Manager
Product Manager

This is a known issue which was recently reported. We are tracking this internally under case 'CORE-8238'. Please open a support case and reference this number and this Thwack thread. We may have a fix available which addresses this specific issue.

0 Kudos
Reply

Our Federal SEs are checking into this question for you.

0 Kudos
Reply