Forums

Back

IRIS logins with CAC are now fixed

RSS (Opens New Window)(Opens New Window)
MD
Matt Davis, modified 6 Years ago.

IRIS logins with CAC are now fixed

Youngling Posts: 199 Join Date: 6/14/11 Recent Posts
Hi Everyone,

As of the last upgrade, you can now log into IRIS with CAC or your LDAP email credentials without it timing out during your shift. The prior problem was that the new authentication method was sending a security cookie to your browser with a lifetime of 24 hours. So, you could access IRIS and be prompted to authenticate at 4 am one day, and then come in on the next shift and get in without authentication at 1 am, then three hours later, be unable to use IRIS due to the cookie expiration.

We now track the security cookie age, and if, when you start IRIS, it's greater than 8 hours old, we delete the cookie and force re-authentication.

Thanks,
Matt



--
Project manager for IRIS, iNWS, CAP handler, and NWSChat Update projects
Decision Support Branch
Meteorological Development Lab
Office of Science and Technology Integration
NOAA DSRC 3D131, Boulder, Colorado
(608) 406-0537



JH
John Holsenbeck, modified 6 Years ago.

RE: IRIS logins with CAC are now fixed

Youngling Posts: 1 Join Date: 7/30/14 Recent Posts
Matt,

Thank you and the ICAMs team for fixing/implementing this.  I am out of the office on leave right now, but looking forward to using this when I return.

-Gusty


On Wed, Sep 18, 2019 at 6:20 PM Matt Davis <VLab.Notifications@noaa.gov> wrote:
Hi Everyone,

As of the last upgrade, you can now log into IRIS with CAC or your LDAP email credentials without it timing out during your shift. The prior problem was that the new authentication method was sending a security cookie to your browser with a lifetime of 24 hours. So, you could access IRIS and be prompted to authenticate at 4 am one day, and then come in on the next shift and get in without authentication at 1 am, then three hours later, be unable to use IRIS due to the cookie expiration.

We now track the security cookie age, and if, when you start IRIS, it's greater than 8 hours old, we delete the cookie and force re-authentication.

Thanks,
Matt



--
Project manager for IRIS, iNWS, CAP handler, and NWSChat Update projects
Decision Support Branch
Meteorological Development Lab
Office of Science and Technology Integration
NOAA DSRC 3D131, Boulder, Colorado
(608) 406-0537




--
Matt Davis IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/7634143 VLab.Notifications@noaa.gov
TS
Trent Smith, modified 6 Years ago.

RE: IRIS logins with CAC are now fixed

Youngling Posts: 2 Join Date: 9/30/15 Recent Posts
I have a co-worker in my office that is still having issues logging into IRIS using this CAC card.  He is getting the pop up box and selecting the CAC card option, but it is not having him put in this pin code.  Since he is not entering in his pin, the website will not allow access. 

Trent Smith
NWS Missoula, MT

On Tue, Oct 1, 2019 at 10:18 AM John Holsenbeck <VLab.Notifications@noaa.gov> wrote:
Matt,

Thank you and the ICAMs team for fixing/implementing this.  I am out of the office on leave right now, but looking forward to using this when I return.

-Gusty


On Wed, Sep 18, 2019 at 6:20 PM Matt Davis <VLab.Notifications@noaa.gov> wrote:
Hi Everyone,

As of the last upgrade, you can now log into IRIS with CAC or your LDAP email credentials without it timing out during your shift. The prior problem was that the new authentication method was sending a security cookie to your browser with a lifetime of 24 hours. So, you could access IRIS and be prompted to authenticate at 4 am one day, and then come in on the next shift and get in without authentication at 1 am, then three hours later, be unable to use IRIS due to the cookie expiration.

We now track the security cookie age, and if, when you start IRIS, it's greater than 8 hours old, we delete the cookie and force re-authentication.

Thanks,
Matt



--
Project manager for IRIS, iNWS, CAP handler, and NWSChat Update projects
Decision Support Branch
Meteorological Development Lab
Office of Science and Technology Integration
NOAA DSRC 3D131, Boulder, Colorado
(608) 406-0537




--
Matt Davis IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/7634143 VLab.Notifications@noaa.gov

--
John Holsenbeck IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/7770198 VLab.Notifications@noaa.gov
MD
Matt Davis, modified 6 Years ago.

RE: IRIS logins with CAC are now fixed

Youngling Posts: 199 Join Date: 6/14/11 Recent Posts
Hi Trent,

I have not heard of this behavior. Generally, it only doesn't ask for the PIN if you have accessed the NOAA SSO site in the past 15 minutes (either from IRIS or elsewhere).
In the case you describe, the user should hit cancel on the certificate selection box, then accept the NOAA banner, at which point they will be prompted
for their NOAA LDAP username and password.

Thanks,
Matt

On Sat, Dec 14, 2019 at 7:47 AM Trent Smith <VLab.Notifications@noaa.gov> wrote:
I have a co-worker in my office that is still having issues logging into IRIS using this CAC card.  He is getting the pop up box and selecting the CAC card option, but it is not having him put in this pin code.  Since he is not entering in his pin, the website will not allow access. 

Trent Smith
NWS Missoula, MT

On Tue, Oct 1, 2019 at 10:18 AM John Holsenbeck <VLab.Notifications@noaa.gov> wrote:
Matt,

Thank you and the ICAMs team for fixing/implementing this.  I am out of the office on leave right now, but looking forward to using this when I return.

-Gusty


On Wed, Sep 18, 2019 at 6:20 PM Matt Davis <VLab.Notifications@noaa.gov> wrote:
Hi Everyone,

As of the last upgrade, you can now log into IRIS with CAC or your LDAP email credentials without it timing out during your shift. The prior problem was that the new authentication method was sending a security cookie to your browser with a lifetime of 24 hours. So, you could access IRIS and be prompted to authenticate at 4 am one day, and then come in on the next shift and get in without authentication at 1 am, then three hours later, be unable to use IRIS due to the cookie expiration.

We now track the security cookie age, and if, when you start IRIS, it's greater than 8 hours old, we delete the cookie and force re-authentication.

Thanks,
Matt



--
Project manager for IRIS, iNWS, CAP handler, and NWSChat Update projects
Decision Support Branch
Meteorological Development Lab
Office of Science and Technology Integration
NOAA DSRC 3D131, Boulder, Colorado
(608) 406-0537




--
Matt Davis IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/7634143 VLab.Notifications@noaa.gov

--
John Holsenbeck IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/7770198 VLab.Notifications@noaa.gov

--
Trent Smith IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/8486035 VLab.Notifications@noaa.gov


--
Acting Chief, Weather Information Applications Branch
Meteorological Development Lab
Office of Science and Technology Integration
NOAA DSRC 3D131, Boulder, Colorado
(608) 406-0537



TS
Trent Smith, modified 5 Years ago.

RE: IRIS logins with CAC are now fixed

Youngling Posts: 2 Join Date: 9/30/15 Recent Posts
Thanks Matt.  I will have my co-worker try this. 

-Trent

On Mon, Dec 16, 2019 at 6:54 AM Matt Davis <VLab.Notifications@noaa.gov> wrote:
Hi Trent,

I have not heard of this behavior. Generally, it only doesn't ask for the PIN if you have accessed the NOAA SSO site in the past 15 minutes (either from IRIS or elsewhere).
In the case you describe, the user should hit cancel on the certificate selection box, then accept the NOAA banner, at which point they will be prompted
for their NOAA LDAP username and password.

Thanks,
Matt

On Sat, Dec 14, 2019 at 7:47 AM Trent Smith <VLab.Notifications@noaa.gov> wrote:
I have a co-worker in my office that is still having issues logging into IRIS using this CAC card.  He is getting the pop up box and selecting the CAC card option, but it is not having him put in this pin code.  Since he is not entering in his pin, the website will not allow access. 

Trent Smith
NWS Missoula, MT

On Tue, Oct 1, 2019 at 10:18 AM John Holsenbeck <VLab.Notifications@noaa.gov> wrote:
Matt,

Thank you and the ICAMs team for fixing/implementing this.  I am out of the office on leave right now, but looking forward to using this when I return.

-Gusty


On Wed, Sep 18, 2019 at 6:20 PM Matt Davis <VLab.Notifications@noaa.gov> wrote:
Hi Everyone,

As of the last upgrade, you can now log into IRIS with CAC or your LDAP email credentials without it timing out during your shift. The prior problem was that the new authentication method was sending a security cookie to your browser with a lifetime of 24 hours. So, you could access IRIS and be prompted to authenticate at 4 am one day, and then come in on the next shift and get in without authentication at 1 am, then three hours later, be unable to use IRIS due to the cookie expiration.

We now track the security cookie age, and if, when you start IRIS, it's greater than 8 hours old, we delete the cookie and force re-authentication.

Thanks,
Matt



--
Project manager for IRIS, iNWS, CAP handler, and NWSChat Update projects
Decision Support Branch
Meteorological Development Lab
Office of Science and Technology Integration
NOAA DSRC 3D131, Boulder, Colorado
(608) 406-0537




--
Matt Davis IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/7634143 VLab.Notifications@noaa.gov

--
John Holsenbeck IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/7770198 VLab.Notifications@noaa.gov

--
Trent Smith IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/8486035 VLab.Notifications@noaa.gov


--
Acting Chief, Weather Information Applications Branch
Meteorological Development Lab
Office of Science and Technology Integration
NOAA DSRC 3D131, Boulder, Colorado
(608) 406-0537




--
Matt Davis IRIS Virtual Lab Forum http://vlab.noaa.gov/web/iris/iris-forum/-/message_boards/view_message/8499995 VLab.Notifications@noaa.gov