Attempts to SETUP SMART CARD (CAC/PKI) USER AUTHENTICATION
I have been attempting to setup my SolarWinds server to do CAC/PKI log in. I have followed the instructions in the document SETUP SMART CARD (CAC/PKI) USER AUTHENTICATION FOR ORION WEB CONSOLE. I was able to do everything and then when I reach the point where I do the SSL settings, I require SSL and require client certificates I start having problems. When I log in using the FQDN, I get the pop up verifying my CAC info and to put in my PIN. As soon as I go through that, it fails and I get an HTTP 403 error. If I use Accept client certificates, it goes through the authentication multiple times and when I ignore, it will verify against my CAC, then I will still have to log in. Once I am in, after about 5 minutes of inactivity, the page drops and I have to log in again. At this point, I have to close the browser to clear the cache and then try to re-access the site. Does anyone have any ideas? The only roll back is that I to not require SSL and then I can log in normally again.
Windows Server 2012 R2
16 GB memory
8 CPU cores
60 GB disk drive (OS)
100 GB data drive (SolarWinds)
Browser being used is Windows Edge
I haven't had much time with the current version of Orion Core 2017.3 and Smart Cards with all of my current travel.
I would first see if it was affecting all Smart Cards, or the newer 256 bit cards. I have seen Internet Explorer, and Firefox work more consistently than Edge.
If its not working, please submit a Support Case and let me know the ticket number to keep tabs.
I have a support case #1195471 with what looks to be like multiple cases that is assigned to a application developer (?). These problems have affected my installation before moving to NPM 12.2 and NCM 7.7. I am still trying to working with support to resolve this issue. Hope this helps. It has gotten worse after I configure it to use the CAC, I have to accept/choose my certificate multiple times (as many as 😎 before I put in my PIN, then before I can move to the step to modify the log in method, I get a session timeout as soon as the home page is displayed. Edge is the worse at this. At least IE only makes me choose my certificate twice, but I still get a session timeout error. I can't use Firefox, because I don't have the .dll file to complete the configuration. I also made sure that the antivirus was turned off to isolate the problem.
In the meantime, I will just keep working on it with support to resolve the problem.
This is a known issue which was recently reported. We are tracking this internally under case 'CORE-8238'. Please open a support case and reference this number and this Thwack thread. We may have a fix available which addresses this specific issue.