04-04-2011 01:24 PM
Today I implemented some hostchecker rules for the first time and I'm a bit surprised with the result.
I configured the following:
This seemed to me pretty straightforward. I was also easy to configure.
But I was surprised that as soon someone browsed to the IVE sign-in URL. The host checker became active and started to check the AV and domain membership. But why does he do that?
The host checker policy is linked to the realm and depending on the realm you select on sing-in page 1. Different checks are done. So why does the IVE immediately started to check as soon as you browsed to the IVE? Instead of checking when a users sign-ins in a certain realm?
Is this the normal behaviour and can I change this? I want the checks to happen when the user authenticates.
Thanks for your help!
Solved! Go to Solution.
04-05-2011 11:53 AM
Hi Jeroen Bismans,
this is because you can configure the HostChecker Policy on various Levels, if you do configure it on a RealmBasis it will be verified before you can access the sign-in page.
If you configure it on a role basis then you'll get the check after the login.
04-11-2011 06:30 AM
I feel so stupid now. :-)
Thanks for the information. I configured the host checker policies now on the roles.
But when I tried to disable the host checker policies on the realms. I got the notification that the host checker policies on the realms should be active in order for policies on the roles to work.
I want to enforces the policies when they sign-in but I want them to be able to see the sign-in page and be able to select the proper realm. So should I select evaluate or enforce with the realm host checker policies?
04-12-2011 01:37 AM - edited 04-12-2011 02:11 AM
On the Realm(s) you have to set the Host Checker Policy to "Evalute Policies". The Host Checker will then still be loaded first , but without enforcing the policies on realm level. Means the User can see the login page and login.
After the User logged in, the Policy will then be enforced on the role level.