For a long time we have been customers of Secude who are the developers of FDE for ZCM 11.2. In the versions of FDE before ZCM 11.2, we always had the Single Sign On functionality between the Secude PBA and the Novell Client on Windows 7 with our Smart Card setup. This functionality had more or less (about 95% of the time) worked. Sometimes the PIN passthrough would work but not auto login, you had to hit enter yourself. But otherwise it was working.

Since we have now moved to ZCM 11.2 and started using the version of FDE with ZCM this functionality is no longer working. Well, it does something! As far as I can tell it makes the Advanced screen of the Novell Client show. Which when you click away, will then show you a login error with the following error code 0x8007001.

I have already an SR open for some time regarding this issue. Actually never heard anything back from Novell much about the status of the ticket until I gave up and gave them a poke. Only to be asked, "The Smartcard SSO is kerberos authentication, correct? Please take a look at TID 7010332 'Does ZCM support Kerberos authentication through Novell Client' (Support | Novell) that as published recently."

Actually we are not using Kerberos in our setup. As far as I am aware Kerberos is an Active Directory form of authentication. And seeing as we are a complete Novell customer (currently) with eDirectory etc etc, I dont know how the supporter could just simply jump to that conclusion. In fact I state in my SR what we are using which is Win7 x64 Pro, Novell Client SP2 IR2a, ZCM 11.2, NESCM 3.0.8. Which to me would suggest anything but Kerberos. But maybe that is just me!

Additionally I was then told that because I was not using Kerberos, that, that is why it does not work. I am a bit flabbergasted about this because in the doumentation it tells you what type of Novell Clients are working underneath the SSO section of the online manual for the FDE. Even more so because A: I know it was working with previous versions! e.g. With Windows 7 x64 Pro, Novell Client, NESCM 3.0.7, ZCM Agent 10.3.x and FDE 9.6 from Secude. And B: Why is it not possible for Novell to get the SSO functionality to work with there own products?

Maybe someone else is having the same issue. Maybe Shaun Pond will read this and then kick butt! Hopefully not mine.

One can only hope!