Hello all,

I'm just now dabbling with multiple contracts and different
authentication levels, and I can't seem to go from a lower level to
higher level without being forced to close my browser. Higher to lower
seems to work fine though. Here is the scenario:

Contract 1: username/pass, auth level 1, Checked "Satisfiable by a
contract of equal or higher level".
Contract 2: x509, auth level 2, Checked "Satisfiable by a contract of
equal or higher level" (also tried unchecking).

Both contracts work separately. It also works if I go to a path
protected by Contract 2 first, and then go to a Contract 1 protected
path--I don't have to re-authenticate. This tells me the auth levels
are working. The problem comes when I go to Contract 1 first, and then
Contract 2. After Contract 2 auth I'm presented with a page that says
"Session Logout", telling me to close my browser to clear session. If I
don't, and try to go back to Contract 1, I get prompted for Contract 1
auth. Also, if I instead go back to Contract 2 I get an error: "Error
occurred during User Certificate Authentication."

So, in a nutshell I can go from higher to lover level contracts, but
not lower to higher without closing my browser. It seems to be wanting
a new session. Why is this?? I've read posts by other forum members
that indicates they have done this, so I don't understand why it isn't
working for me. If I can't get this to work it is a showstopper for us
using x509, because we use it mainly for apps that need an extra level
of assurance.

Any suggestions would be appreciated! I've tried playing with every
option I can, including Activity Realms, and nothing.


adamdn01's Profile: https://forums.netiq.com/member.php?userid=2226
View this thread: https://forums.netiq.com/showthread.php?t=42634