After upgrading the iPads to a new version, we started seeing a
logon issue with servers protected by TAM
WebSEAL. After successfully authenticating, users were redirected to the
resource apple-touch-icon.png
which resulted in a 404 "Not Found" error.
Configuring WebSEAL
The problem turned out to be related to the favicon.ico
issue in Firefox:
In a protected WebSEAL environment, Firefox's
attempt to access the favicon.ico file triggers a login prompt. WebSEAL
caches /favicon.ico
as its "last requested URL." Once the
user successfully logs in, WebSEAL redirects the request to this "last
requested URL" location. The file (being non-existent in this example)
is not found and a 404 "Not found" error is returned to the user. The
originally requested page is never accessed because of the redirection
process.
In the case of Safari on the iPad, the browser looks for an icon to use when adding a shortcut to the device's Home screen (as described in this Apple document under "Specifying a Webpage Icon for Web Clip.")
To resolve this issue:
- Create an application icon PNG measuring 72x72 pixels.
- Place this icon in a path that allows unathenticated access or attach such an ACL to the file.
- Specify
the application icon in the HTML header of your login page:
<link rel="apple-touch-icon" href="/apple-touch-icon.png"/>
Adjust as per your configuration and requirements; you might already have a place for unprotected external resources or want to support iPhones, etc. too. Follow the provided links for more details.
Software versions:
- Tivoli Access Manager for e-business, Version 6.0
- iPad iOS 4.2.1
Certificate warnings connecting to the server
While I'm on the subject of iPads and authentication...
If you're using self-signed certificates for HTTPS, you can find information on distributing and installing new trusted root certification authorities in the Apple document iPad in Business:
Supported certificate and identity format:
- iPad supports X.509 certificates with RSA keys.
- The file extensions .cer, .crt, .der, .p12, and .pfx are recognized.
The certificate can be installed using a configuration profile, sending it as an e-mail attachment, serving it to the Safari browser or via SCEP.
No comments:
Post a Comment
All comments are moderated