Saturday 22 January 2011

TAM WebSEAL: authentication and the iPad

After upgrading the iPads to a new version, we started seeing a logon issue with servers protected by TAM WebSEAL. After successfully authenticating, users were redirected to the resource apple-touch-icon.png which resulted in a 404 "Not Found" error.

Configuring WebSEAL

The problem turned out to be related to the favicon.ico issue in Firefox:

In a protected WebSEAL environment, Firefox's attempt to access the favicon.ico file triggers a login prompt. WebSEAL caches /favicon.ico as its "last requested URL." Once the user successfully logs in, WebSEAL redirects the request to this "last requested URL" location. The file (being non-existent in this example) is not found and a 404 "Not found" error is returned to the user. The originally requested page is never accessed because of the redirection process.

In the case of Safari on the iPad, the browser looks for an icon to use when adding a shortcut to the device's Home screen (as described in this Apple document under "Specifying a Webpage Icon for Web Clip.")

To resolve this issue:

Adjust as per your configuration and requirements; you might already have a place for unprotected external resources or want to support iPhones, etc. too. Follow the provided links for more details.

Software versions:

  • Tivoli Access Manager for e-business, Version 6.0
  • iPad iOS 4.2.1

Certificate warnings connecting to the server

While I'm on the subject of iPads and authentication...

If you're using self-signed certificates for HTTPS, you can find information on distributing and installing new trusted root certification authorities in the Apple document iPad in Business:

Supported certificate and identity format:
  • iPad supports X.509 certificates with RSA keys.
  • The file extensions .cer, .crt, .der, .p12, and .pfx are recognized.

The certificate can be installed using a configuration profile, sending it as an e-mail attachment, serving it to the Safari browser or via SCEP.

No comments:

Post a Comment

All comments are moderated