Anonymous_User Absent Member.
Absent Member.
724 views

CLE: You must use the HTTPS protocol


I have a win 7 vm installed. There I have installed CLE 3.7.1.5 and my
sspr is running on a different server https://10.1.*.*/sspr. The SSPR
version is 3.2. I have configured the CLE with the Link URL:
https://10.1.*.*:8443/sspr/public/ForgottenPassword. However, when I am
clicking on the Fogotton Password in the windows login screen I am
seeing the restricted browser opening but it is showing "You must use
the HTTPS protocol".
Why I am getting this error? Do I need to install anything else to make
this work?


--
joydeepg
------------------------------------------------------------------------
joydeepg's Profile: https://forums.netiq.com/member.php?userid=7638
View this thread: https://forums.netiq.com/showthread.php?t=53666

0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: CLE: You must use the HTTPS protocol

Since you are posting this in the SSPR forum and not the CLE forum is it
safe to assume that you see this message even when you are NOT using the
Restricted Browser? If so, then the connection between whatever client
and SSPR itself needs to have HTTPS setup, and you apparently do not have
that. You may have HTTPS between the workstation and some access
management product (for example), but SSPR can be configured to require
HTTPS all of the way to itself, so make that work and perhaps it will help.

If the error is coming from the CLE, though, then I'd probably verify that
SSL is configured properly and explicitly trusted by the workstation.
Making this work in the Restricted Browser is covered in the CLE
documentation, as I recall, or maybe you just need to add this URL to the
list of trusted sites.

P.S. Masking out private addresses does not make any sense; there is no
way anybody outside your organization can route to them in any case.
Applies to 10.x.x.x, 172.16.x.x, and 192.168.x.x addresses.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: CLE: You must use the HTTPS protocol


I already have the URL in the list of trusted sites of IE


--
joydeepg
------------------------------------------------------------------------
joydeepg's Profile: https://forums.netiq.com/member.php?userid=7638
View this thread: https://forums.netiq.com/showthread.php?t=53666

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: CLE: You must use the HTTPS protocol


Now I am getting "Access is restricted to your target server. You may
not follow links to other servers." when I click the "Forgotten
Password" link. Can anybody please help?


--
joydeepg
------------------------------------------------------------------------
joydeepg's Profile: https://forums.netiq.com/member.php?userid=7638
View this thread: https://forums.netiq.com/showthread.php?t=53666

0 Likes
Knowledge Partner
Knowledge Partner

Re: CLE: You must use the HTTPS protocol

That error comes from the CLE so you may want to try posting something in
the IDM forums where there may be more expertise specific to that
technology. Otherwise, see if anything shows up on the SSPR side at all
when clicking on the link (guessing it will not) and then try to figure
out any misconfiguration issues between what is configured to be allowed
vs. what is being attempted. For example, if you access SSPR via DNS and
then something tries to request a supporting (image/CSS/JS) file via IP
the CLE may not approve and give that error.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: CLE: You must use the HTTPS protocol


I am able to redirect to the SSPR forgot password page. However, if i
have a user in edirectory whose challenge set is not configured, I am
getting an error which is saying "does not have a configured response {
5006 ERROR_RESPONSE_NORESPONSES". I think the rest uri is not working
for sspr. How to enable that? Can you please guide?


--
joydeepg
------------------------------------------------------------------------
joydeepg's Profile: https://forums.netiq.com/member.php?userid=7638
View this thread: https://forums.netiq.com/showthread.php?t=53666

0 Likes
Knowledge Partner
Knowledge Partner

Re: CLE: You must use the HTTPS protocol

If you do not have challenge/response information set, then the CLE is of
no use. That must (as far as I have ever heard anyway) be done ahead of
time. If not, then the SSPR appropriately assumes that the user is going
there to login and, per administrator policy, set those types of things.
That should all be done, outside of the CLE, ahead of time.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.