WebID Users Cannot Authenticate
If your WebID users report repeated authentication
failures, make sure that:
- the ACE/Agent plugin has been initialized during Web
server startup. If the plugin has not been initialized,
check for ACE/Agent initialization error messages in the
startup monitor, then follow the solutions in the ACE/Agent startup messages
troubleshooting.
- the ACE/Agent is receiving the required
parameters from the Web client. Check for error
messages in the Netscape Server log, then follow the
solutions in ACE/Agent Messages in
the the Netscape Server Log.
- the ACE/Agent is able to find the sdconf.rec
file (the configuration file that the ACE/Agent needs to
communicate with the ACE/Server.) The path to the sdconf.rec
file must be specified in the VAR_ACE
parameter of the aceagent.cfg
file.
- the ACE/Agent is able to find the Web authentication form
templates. If these files have been moved from the netscape_home_directory/plugins/aceagent/templates
directory, you must specify their location in the TemplatesPath
parameter of the aceagent.cfg
file.
- the Web clients are sending the authentication requests
using the POST method (the GET method is not supported).
Check the Web authentication form
templates to make sure that METHOD=POST
is specified in the FORM tags.
- the users who are attempting to authenticate are using
browsers that support HTML forms and Persistent Client State
HTTP Cookies.
Security Dynamics supports Netscape Navigator versions
1.1 or later and Microsoft Internet Explorer versions 3.0
or later browsers for authentication through the WebID
authentication forms. Other browsers may work, but you
should consult their manufacturers to make sure the
browsers support HTML forms and Persistent Client State
HTTP Cookies.
Note: If a user reports
that he or she is able to authenticate once but is then
repeatedly prompted for a PASSCODE, instruct the user to
exit and restart the Web browser, then authenticate
again. This solves an infrequent problem associated with
WebID cookies.
- the users who are attempting to authenticate have been registered as tokenholders in
the ACE/Server database.
- the ACE/Agent machine has been registered
as a UNIX client of the ACE/Server.
Erratic Cookie Expiriation
If your WebID users report being prompted to
authenticate before their cookies expire:
- make sure the users are consistent when entering URLs
manually in their browser's Location
box.
For example, if Sarah authenticates on server sales.mydomain.com
using the URL http://sales.mydomain.com/index.html,
she should continue to use the http://sales.mydomain.com
naming scheme during this browsing session. Once inside
the domain, if she were to enter the shortcut http://sales/monthly/figures.html,
she would be prompted to authenticate because the domain
name in her cookie (sales.mydomain.com)
would not exactly match the domain name of the URL she is
attempting to access (sales).
- make sure your HTML authors are using a consistent,
standard domain referencing scheme when linking from one
server within teh domain to another server withing the
domain. For example, if one author is using server.mydomain.com,
all the authors should use this standard. This will
prevent your users from having to reauthenticate
unnecessarily.