You are viewing limited content. For full access, please sign in.

Question

Question

Forms-"The information you’re about to submit is not secure"

Forms Directory Server Version 10
Updated August 23, 2022
asked on July 13, 2022

Hello,

We have a customer who is using Forms with LFDS Authentication

They updated a SSL Certificate and now once they pass their LFDS Creds, they are taking to a screen that says "The information you’re about to submit is not secure"

When they click "Send Anyway" and are redirected to their Forms Inbox, the Forms URL shows as SSL Secure in Browser.

I thought this was related to possible Secure Cookies in Chrome, but this does not seem to be the case.

Anyone else seeing this or seen this issue.

LF Forms and LFDS are version 10.4.5.

Thanks for the feedback,

Jeff Curtis

0 0

Answer

APPROVED ANSWER
replied on August 23, 2022

A support case was opened for the issue. In the FormsConfig site, the Forms Server page needed to use the proper FQDN for the Primary Forms Server URL, one that the SSL certificate subject accounts for. The same needed to be done for the User Authentication page and the Laserfiche Forms Host URL value. Once that was changed, then the issue was resolved and users were no longer getting redirected back to insecure sites.

0 0

Replies

replied on July 13, 2022

I belive you have to point to the new certificate in the STS config as well as IIS bindings for DS Auth systems.

The STS config is a bit weird as it is not in the DS Admin interface, it is an executable somewhere in the DS program files folder.

0 0
replied on July 13, 2022

Hi Jeff,

This indicates a problem with TLS between IIS and the browser. I am guessing when you are on the STS login page, you do not see the secure padlock in the URL bar, right? Try checking the certificate bound to port 443 in IIS for the STS machine. Make sure that this certificate is valid and is issued to the hostname that end users will access to reach STS (and/or make sure the hostname is in the Subject Alternative Names list for the certificate). Finally, make sure that the client machines trust this cert or the CA that issued it.

0 0
replied on July 15, 2022

Thanks Chad and Chase

I am following up with the customer on this.

Jeff

0 0
replied on July 21, 2022

Hey Chase and Chad,

Just met with the customer and the STS Page does load secure.

The SSL certs used in IIS are correct and they match the XMLEndpointUtility.

The hostname is in the Subject Alternative Names list for the certificate as well.

The LicenseManagerSTS app pool and the STS EndpointUtility both use the same Domain LF Service account, which also is a Local Admin on the machine and has full rights to the SSL Cert.

Forms and LFDS are on the same server.

I am wondering if it something with a browser session token.  Upon 1st login they get the non-secure splash screen. If they log out, but keep the browser open, then log back in no non-secure splash. This happens in Chrome/Edge. 

They do not use Firefox.

I remember a while back there was an issue with something like Same Site flag settings in Chrome/Edge that was causing another issue with the loading of Forms, and there was a KB article for this, but I can't seem to find it.

Not sure if either of you have any other ideas....

Thanks again,

Jeff Curtis

 

0 0
View 1 previous reply
replied on July 22, 2022

In this case I would recommend opening a support case and including a video of the behavior they are seeing.

1 0
replied on July 22, 2022

Thanks Chase 

Will do.

Jeff

0 0
replied on July 22, 2022

A har file capture from the browser would also be helpful, as it will show pretty clearly which requests are using http and which are using https. You'll want to make sure the "Preserve log" option is checked since it sounds like there are multiple pages involved.

2 0
APPROVED ANSWER
replied on August 23, 2022

A support case was opened for the issue. In the FormsConfig site, the Forms Server page needed to use the proper FQDN for the Primary Forms Server URL, one that the SSL certificate subject accounts for. The same needed to be done for the User Authentication page and the Laserfiche Forms Host URL value. Once that was changed, then the issue was resolved and users were no longer getting redirected back to insecure sites.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...