A client using Windows SSO Domain Controller Query receives an Access Denied exception page when trying to browse the internet.
The Windows SSO realm also uses an LDAP realm for authorization.
This problem occurs when the client is a member of a nested group.
For example: A client is a member of GroupA and GroupA is a member of GroupB. However, the client is not a member of GroupB. In VPM, the policy allow rule source was set to GroupB, and based on the policy trace, the access or transaction was missing the rule. So it matches to the default rule, which is Deny.
Enable Nested Groups Support under Configuration > Authentication > LDAP > LDAP Search & Groups to resolve this issue.
Imported Document ID: 000008061
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.