Has anyone seen this problem, or could offer any advice. thanks.
Users with Office 2013 installed on their computer opens up to a website
(protected by Access Manager), is authenticated (single signed on), and
tries to download an office document (word, excel ... etc), who then
sees a second authentication prompt (401 basic authentication). This
document would not open unless the second login prompt is closed
(there's no need to enter any authentication).

Here are some details:

We are using Access Manager 4.0.1 (4.0.1-88 + HF1-93) appliance.
say the proxy service domain is abc.test.com
and the document is located at abc.test.com/path1/file.doc
and if the path (/path1/) is protected then this issue occurs.
(ie my protected resource would contain only one entry, like this: all
/* Name/Password - Form)

The web server itself does not use basic authentication to protect any
of its resources, so obviously this is triggered by AM. If the path
/path1/ that contains the file is set to public, all is fine; this issue
does not occur (no second authentication prompt is shown and the
document opens immediately). BTW this happens to all of the proxy
services we've tested.

Novell SR support is claiming that since our setting works for users
using Office 2010 or older, and because the mechanism used for opening
WebDAV documents hasn't changed (for AM), that this is highly probable
it's Microsoft who's changed something since it's previous version to
have caused this problem and thus we should instead turn to Microsoft
for answer. They also claim that this is unlike this other problem we
found that seems closely related (Multiple Authentication Requests While
Opening Microsoft Excel Files).

I find their response rather disappointing and disbelieving. If it is
uncertain at this point who's to blame, NAM or Office Word 2013,
shouldn't the responsible thing to do be that Novell be the one to
contact Microsoft to figure out the issue, instead of asking his client,
us, to relay this issue to them?

BTW, we've also opened a Microsoft service request and they too are
pointing fiingers towards our product (NAM), saying that it is us who's
sending out this 401 basic authentication request.

Right now, all I can do is locate every single path containing Office
documents and set it to public. But this job is rather daunting, not to
metion it's associated security risk.

Can anyone offer any suggestions? thanks a lot.


tichung's Profile: https://forums.netiq.com/member.php?userid=980
View this thread: https://forums.netiq.com/showthread.php?t=51598