We’ve tested with a machine OUTSIDE the Windows domain configured.
We’ve got no problem using Chrome, Firefox, Edge
Using IE, even we have the server on Local Intranet Sites, it always fail with
“Authentication Failed” message. And even with a correct user + password.
We think the reason is: IE sends a HTTP header Authentication:Negotiate with NTLM token., when it POSTs the user + password login page. It fails at OpenAM side and hence the Authentication Failed message.
If we delete the server on Local Intranet Sites, then we have an additional authentication dialog box previous to the login page. But after that, login works flawlessly.
not quite always true. The change in OpenAM 13 allows the WDSSO module to fall back to another module if the browser has negotiate support turned off, for example as it is by default in Safari and FireFox. However, this won’t prevent the login dialog (shown
above) from appearing if negotiate support is turned on in the browser, as it is by default in IE. I’ll look into this in more detail in my next blog post. Thanks to my colleagueCyril
pointing this out.
Maybe this change in OpenAM 13 is resposible to this behaviour? Any clues?