Release NotesPolicy Server Release NotesDefects Fixed in SiteMinder ReleasesDefects Fixed for 6.0 SP5 › Basic Over SSL Authentication Accepts Certificates (67500)

Previous Topic: Incorrect CRL Message in the SiteMinder Policy Server Log (66792)

Next Topic: Evaluating Identity Manager Roles Causes Memory Leaks (66776)
Basic Over SSL Authentication Accepts Certificates (67500)

Symptom:

If they presented a valid certificate, but no credentials, users were denied access to resources protected by the X.509 Client Certificate and Basic authentication scheme. This is expected behavior.

However, within the same browser session, the same users were granted access to resources protected by the Basic Over SSL authentication scheme without providing credentials. Rather, the Basic Over SSL authentication scheme accepted the certificate presented earlier in the session and authenticated the user.

Note: This issue only occurred with Mozilla™ Firefox™.

Solution:

This is no longer an issue.

STAR Issue: 16943710;01