Channel: SCN : All Content - SAP Single Sign-On

secure log in web client initializing expired Certificate


Hi All

 

I have tried searching and this issue has been ongoing for quite some time, with the view that the Product is fine.

 

Web Client Secure Login Server is being used. Authentication works normally and an X.509 certificate is added to the user's Personal Certificates in Internet Explorer.

 

The problem is the certificate is only valid for 10 hours. Users close Internet Explorer once they have authenticated for SAML & X509. They go about their day and forget they have logged in. They don't go back to Internet Explorer and log out of SecureLoginServer. They head home and come back the following day with the intention to log in and repeat.

 

Now the issue is, the certificate has expired. As a result, the SecureLoginServer logon becomes stuck on Initializing. There is no error message or time out.

 

The solution at the moment is for users to go to their certificates in IE and remove the expired one (if the user had chosen log out on the prior day the certificate would be removed) and then they may need to delete temporary internet files or whatever to get the session to let them attempt to login again.

 

So my question is to the community - is this "normal" product as is? If this is the case, it's not user friendly. It doesn't make sense to tell users they have to go back to Internet Explorer and manually logout of the session. And another solution suggested was automatic deletion of the certificate when IE session is closed - we rejected this as we felt it would create more headaches than it solved (users would be forced to keep IE open all day).

 

I don't understand why the login method cannot check if there is an existing certificate and remove it before reissuing a new one - thus avoiding the whole getting stuck on Initializing.

 

A few of us are scratching our heads over this one as we have already had to force users to perform 2 steps to access NWBC (go to IE first for SecureLoginServer step and then go to the desktop to SSO into NWBC as a redirection within NWBC would not issue with X509). If this is relevant, please note that the Identity Provider is being used and the SSO is not reliant on Active Directory.

 

Regards

Colleen
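
The manual workaround described in the post (removing the expired certificate from the user's Personal store) can be scripted, for example as a logon script. This is an added PowerShell example, not part of the original post and not SAP's code; the issuer string is a placeholder and the 24-hour lifetime guard is an assumption chosen so that long-lived certificates (S/MIME, EFS) are never touched.

```powershell
# Added example: remove expired short-lived logon certificates from the
# current user's Personal store (Cert:\CurrentUser\My).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # ASSUMPTION: placeholder; set to a string unique to your issuing CA's DN.
    [string]$IssuerMatch = 'CN=EXAMPLE-SLS-USER-CA',
    # Guard: only touch certificates whose total lifetime is at most this long.
    [int]$MaxLifetimeHours = 24
)

function Test-ExpiredLogonCert {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$IssuerMatch,
        [int]$MaxLifetimeHours,
        [datetime]$Now = (Get-Date)
    )
    $lifetime = $Cert.NotAfter - $Cert.NotBefore
    $issuerOk = $Cert.Issuer.IndexOf($IssuerMatch,
        [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    # All three must hold: expired, issued by the expected CA, short-lived.
    return ($Cert.NotAfter -lt $Now) -and $issuerOk -and
           ($lifetime.TotalHours -le $MaxLifetimeHours)
}

$expired = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    Test-ExpiredLogonCert -Cert $_ -IssuerMatch $IssuerMatch `
        -MaxLifetimeHours $MaxLifetimeHours
})

foreach ($cert in $expired) {
    $label = '{0} (thumbprint {1}, expired {2:s})' -f `
        $cert.Subject, $cert.Thumbprint, $cert.NotAfter
    if ($PSCmdlet.ShouldProcess($label, 'Remove expired certificate')) {
        # -DeleteKey also removes the private key so no orphaned key remains.
        Remove-Item -Path $cert.PSPath -DeleteKey
        Write-Output "Removed: $label"
    }
}
if ($expired.Count -eq 0) { Write-Output 'No expired matching certificates found.' }
```

Run it with `-WhatIf` first to list what would be removed without deleting anything.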

