Hello,
After upgrading BigFix to 10.0.8 in our dev environment, when I go to webreports, it’s asking me to authenticate with a PIV card. If click on cancel, it takes me to the username/password fields. When I do the same steps for our production environment, it doesn’t do that as it’s still on 10.0.7.
Is this expected behavior with the new upgrade going forward?
Justin
We are getting that in our newly upgraded test environment as well. Not only do I get it when I first attempt to log in, but I also get it randomly while working on reports. Hoping to hear if this is expected as well.
Are you using SAML authentication in the problematic environments?
We are not using SAML in our environment.
My suggestion is open a support case and let L2/L3 review debug logs.
Is it possible you enabled Windows Integrated Authentication (WIA) on browser of your dev env?
If SAML is not enabled (remember to restart services if you switch enable/disable) you should land on the login page of Web Reports and nothing else…
No, I didn’t enable anything because after upgrading, I went to Webreports to check if it was up and prompted for pIV authentication.
We have also upgraded two of our test instances to 10.0.8 and are seeing this issue in both. We are not using SAML on one of these but have SAML on the other. It does work to get us to the Web Reports login screen after we put in our smart card pin on both.
For what it’s worth, I have upgraded two environments (10.0.7 to 10.0.8) and (10.0.4 to 10.0.8), but running Windows, the later has DSA. Auth is handled by AD groups. I have not had any issues so far with Webreports, but it’s day 1.
For SAML specifically - I was involved in Beta-testing of new/re-written/updated SAML component which is a lot more secure but respectively “enforceful” of certain configurational requirements - what I saw that older version was accepting pretty much anything in certain fields in the config without double-checking it against the SAML Authentication provider responses where the new component would fail the authentication if things don’t match up. Raise a case with Support and I am sure L2/L3 would be able to help you fix it - they can provide you with the old SAML module, have it applied so that things work and allow you to correct the SAML configuration before swapping back to the new version of the module.
We just upgraded our test server to 10.0.8 and are being prompted for a certificate before connecting to the web reports URL. We’re not using SAML. Accounts are local and AD.
I wonder if this is something introduced by a browser upgrade. I have had 10.0.8 in my lab environment since it was released on Dec 15th, but I don’t recall this certificate request happening until now.
We’re seeing this client cert request in:
Windows: Edge, Chrome, Firefox
macOS: Safari, Chrome, Firefox
All are current browser versions
Hi,
The reason why you are seeing the popup is because in 10.0.8 the WebReports sends a certificate request during the initial TLS handshake.
We have a DA opened for that and we’ll revert the behaviour to 10.0.7.