After upgrading the iPads to a new version, we started seeing a
logon issue with servers protected by TAM
WebSEAL. After successfully authenticating, users were redirected to the
apple-touch-icon.png which resulted in a 404 "Not Found" error.
The problem turned out to be related to the
issue in Firefox:
In a protected WebSEAL environment, Firefox's attempt to access the favicon.ico file triggers a login prompt. WebSEAL caches
/favicon.icoas its "last requested URL." Once the user successfully logs in, WebSEAL redirects the request to this "last requested URL" location. The file (being non-existent in this example) is not found and a 404 "Not found" error is returned to the user. The originally requested page is never accessed because of the redirection process.
In the case of Safari on the iPad, the browser looks for an icon to use when adding a shortcut to the device's Home screen (as described in this Apple document under "Specifying a Webpage Icon for Web Clip.")
To resolve this issue:
- Create an application icon PNG measuring 72x72 pixels.
- Place this icon in a path that allows unathenticated access or attach such an ACL to the file.
the application icon in the HTML header of your login page:
<link rel="apple-touch-icon" href="/apple-touch-icon.png"/>
Adjust as per your configuration and requirements; you might already have a place for unprotected external resources or want to support iPhones, etc. too. Follow the provided links for more details.
- Tivoli Access Manager for e-business, Version 6.0
- iPad iOS 4.2.1
Certificate warnings connecting to the server
While I'm on the subject of iPads and authentication...
If you're using self-signed certificates for HTTPS, you can find information on distributing and installing new trusted root certification authorities in the Apple document iPad in Business:
Supported certificate and identity format:
- iPad supports X.509 certificates with RSA keys.
- The file extensions .cer, .crt, .der, .p12, and .pfx are recognized.
The certificate can be installed using a configuration profile, sending it as an e-mail attachment, serving it to the Safari browser or via SCEP.