Secure Global Desktop 4.40 Administration Guide > Users and Authentication > Users Cannot Log In With Web Server Authentication
Common problems users experience when they log in to SGD using web server authentication include:
To help diagnose and resolve some of these problem, add the following log filters on the Global Settings, Monitoring tab in the SGD Administration Console:
If a user fails to authenticate to the web server, they might see a message such as "401 Authorization Required". This indicates that either there is a problem with the user name and password the user is typing, or there is a problem with the web server configuration.
Check the following:
ttaservuser? If this user cannot read the password file, web server authentication fails.
If web server authentication is not set up correctly or it fails for any reason, SGD displays the standard login page. The following table lists the things you might need to check.
|What To Check||More Information|
|Is the right SGD URL protected?||For the webtop, you must set up your web server to protect the
|Is Tomcat configured to trust the web server authentication?||The Tomcat component of the SGD Web Server has to be configured to trust the Apache web server authentication.
On each array member, edit the
|Does the user have a user profile in the local repository?||If your configuration of SGD relies on users
having user profile objects in the local repository and you have not enabled one of the fallback profile objects, users might not be able to log in.
If this happens and you have enabled the additional logging, search the log file for messages that indicate that SGD
could not find a match for the authenticated user.
Either create a user profile for the user or enable one of the fallback profile objects, see Third-party Authentication for more details.
|Is the user a Secure Global Desktop Administrator?||By default, Secure Global Desktop Administrators cannot access SGD if they have been authenticated by a web server. To change this behavior, run the following command:|
|Have you changed the trusted user?||If you have changed the user name and password of the trusted user, have you verified that the new user works? See Trusted Users and Third-Party Authentication for details.|
Web server authentication does not support ambiguous users. This means users get the webtop of the first matching user profile.
Search the SGD log files for messages that indicate an ambiguous user.
To resolve the situation, you can either of the following:
Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.