000039433 - 401 Unauthorized after entering domain credentials in the prompt when logging in using Windows Authentication SSO in Archer

Document created by RSA Customer Support Employee on Nov 4, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039433
Applies To
Product Set: Archer
   Product/Service Type: Archer Control Panel (ACP), Single Sign-On
   Version/Condition: 6.x
IssueWhen SSO is configured and trying to login using the browser, the browser prompts you to enter the Domain Credentials on which after entered correctly still getting 401 Unauthorized response.

User-added image
CauseOne of the main causes can be that the Domain Accounts group/s do not have an appropriate access level on the Archer folder in IIS.
ResolutionThere are several steps to ensure that everything is correctly set:
  1. Verify that the web.config used is valid and is reflecting the current setup.
  2. Verify that the folders in IIS are set to Windows Authentication excluding API, ContentAPI, PlatformAPI, WS, and CompanyFiles.
  3. Verify that Windows Authentication is chosen from the Archer Control Panel.

Apart from this, we need to guarantee that Domain Users have the appropriate access to the RSA Archer folder. 
  1. Go to the Application location, usually, it is found through c:/inetpub/wwwroot/
  2. Right Click on RSAarcher folder and click properties.
  3. Go to the Security tab and ensure that the domain users group (or the correct group from AD) having read and run permissions on this folder.
User-added image