We need your help to troubleshoot 1 issue which we are getting from many users after implementing PeopleSoft Kerberos SSO against AD. This issue is specific to Windows 7 PC and where Kerberos Token is not available.
Some facts which we know :
Kerberos will fail for users who are not logged in system using AD Domain ( as Kerberos Token will be invalid).
These users are not on AD Doamin so SSO will fail, which is understandable. But - We have designed our solution in such a way - that when SSO fails, it will trigger a login screen to Peoplesoft. User can provide his credentials (userid/AD password) manually and LDAP directory Authentication will be triggered using AD servers.
Note - Our Website is SSL enabled (HTTPS)
On windows 7 when person try to connect who is outside AD Domain, SSO fails ( as token not found)- > PeopleSoft Login sreen comes up in HTTPS -> User connect using AD userid and password -> PeopleSoft login screen gets refreshed and notheing happens.
Surprisingly - Same works on Googgle Crome OR if I change the URL to HTTP .
We have set secute connection "True" in web.xml for Kerberos settings.
Below is the Fiddler trace when we click "signin button" ---- On non AD domain.
POST /psp/PIMSTEST/?cmd=login&languageCd=ENG HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Cookie: ggnptestap1-80-PORTAL-PSJSESSIONID=KbhXRpGQ52hLJtWbbK0DJ1XGDbSJ9Wn2!386905482; SignOnDefault=
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
HTTP/1.1 200 OK
Date: Thu, 11 Jul 2013 10:19:09 GMT
Content-Type: text/html; CHARSET=utf-8
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: ggnptestap1-80-PORTAL-PSJSESSIONID=HBT3RpGdCX1q8W51ZxTz8hpQ2bCpMFKh!386905482; path=/; HttpOnly
Set-Cookie: PS_TOKEN=; domain=; expires=Thu, 01-Jan-1970 01:00:00 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Thanks for Help