000030975 - RSA Archer 5.5.2 left navigation pane does not load when using SSO (Error :  POST /Service/LeftNavigationService.svc/GetNavigationItems - Error 500)

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 26, 2018
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000030975
Applies ToRSA Product Set: Archer
RSA Product/Service Type: Archer
RSA Version/Condition: 5.5 SP2
Platform: Windows
IssueWhen trying to access the Archer website, the following Windows pop-up displays, asking for the user name and password.
 
IIS logs  : 2015-08-12 20:36:49 ::1 POST /Service/LeftNavigationService.svc/GetNavigationItems - 80 - ::1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko http://localhost/foundation/Workspace.aspx?workspaceId=-1&requestUrl= 500 0 0 187


Event logs



The following error is in the event logs:



WebHost failed to process a request.  Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/56251872  
Exception: System.ServiceModel.ServiceActivationException: The service '/Service/LeftNavigationService.svc' cannot be activated due to an exception during compilation.  The exception message is: The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'WebHttpBinding' ('Negotiate').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.. ---> System.NotSupportedException: The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'WebHttpBinding' ('Negotiate').  Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.  Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.    
   at System.ServiceModel.Channels.HttpTransportBindingElement.UpdateAuthenticationSchemes(BindingContext context)    
   at System.ServiceModel.Channels.HttpTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)    
   at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)    
   at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)    
   at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)    
   at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)    
   at System.ServiceModel.ServiceHostBase.InitializeRuntime()    
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)    
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)    
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity)    
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)   
--- End of inner exception stack trace ---    
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)    
   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity)  
Process Name: w3wp  
Process ID: 6900
CauseThe proper authentication method was not enabled at the sub folders.
Resolution
  • Windows Authentication needs to be enabled at the website level and all the subfolders, except for  API, Company Files and WS. 
  • For the API, Company_Files and WS folders, Anonymous Authentication should be Enabled.
  • Examples below:

User-added image
 


User-added image

User-added image



 

Attachments

    Outcomes