Single Sign On and Client Certificate Authentication RRS feed

  • Question

  • Hey everyone,

    According to Technet: if you have configured single sign on between two published applications with different host names, for example portal.contoso.com and owa.contoso.com, and the Client Authentication Method selected on the Web listener is SSL Client Certificate Authentication, users will be prompted to select their certificate a second time when going from one published Web site to the second published Web site. Users will only be prompted for the PIN code the first time they select the certificate as long as the second published Web server is opened in the same browser application process.


    Now, I understand why this functions the way it does. However, the client isn't happy about it. Are there any other tools or add-ins that would bypass the 2nd certificate selection? Or, does anyone have an explanation that would satisfy the customer concern about this not being a "true SSO solution"?


    Monday, September 17, 2012 1:24 PM