Smartcard authentication with Active Directory group accounts

Hello Everyone,

Was wanting to see if anyone else is currently using group accounts within Active Directory to log in with your smart card (CAC/PIV).

I have been unsuccessful in getting this feature to work thus far and was wondering if anyone has had any success with this.

-Thanks

  • Active Directory groups work best when the AD User account is directly associated to the group. Having a User tied to a Group tied to another group, or Nested Groups, is currently having issues due to the way the accounts are implemented in the web console.

  • I am not trying to use nested groups. I have a singular group that has my account in it that exists within our OU structure.

  • I had set up the CAC to log in to Solarwinds NPM 12. I can log in with my CAC only once each time. After the Solarwinds session timed out, it logged out and displayed the Solarwinds login window, but not the CAC login window that is supposed to be there.

  • I have experienced a similar issue with using Internet Explorer. It just doesn't want to prompt for the smart card again. Chrome seems to handle this a lot better and prompts me each time.

  • In Internet Explorer, under Internet Options > Security > Custom Level, you may need to use Automatic or Prompt for user.

  • Sean,

    It isn't that it's not working, it just "fails" to reprompt again. I usually have to close the browser completely and reopen it or clear the SSL sessions. Also, in an environment like ours everything is heavily locked down, so most options other users might enjoy changing, we would be unable to change.

  • In my case, if I checked "Require SSL" and checked "Require" for client certificates, it will prompt me for the certs and PIN. After pressing Enter, I got the HTTP 403 error. If "Ignore" is checked, I can log in with the DoD PIN, but only once; after the session timed out, it will display the Orion login screen, not the CAC login window. Solarwinds is working on this issue.

  • Do you have accounts that you are authenticating with smart card using an AD group? I have no problem with single user accounts, just with trying to use a group.

  • AD group - domain users - each user had their own SSL certificate that was tied to the CAC. We had the DoD certificate installed on the Solarwinds server. But Solarwinds did not recognize the user using CAC. We already tried different setup methods in Solarwinds: with the "Require SSL" box checked and client certificates "Accept/Require" checked, I got HTTP 403. With the "Require SSL" box unchecked and client certificates "Ignore" selected, I could log in to Solarwinds locally using a Solarwinds local account/password without problem. My company is not allowed to use Windows authentication to log in. CAC is required for authentication at login.

  • Make sure that HTTPS is showing the certificate as green; if it is red, it can report 403 Forbidden. The certificate will show the Friendly Name for the entire URL that should be used; it should be the fully qualified domain name, or some will use the hostname only.