CES/CEP KBR not working as expected

Hessel Hazewindus 1 Reputation point
2020-07-13T18:08:46.633+00:00

Have a CES/CEP server with two CES/CEP instances:

Username/password, key-based renewal allowed
Certificate-based, renewal only

The GPO sets an order with certificate-based as the default and username/password as second.

The initial request happens via username/password. When the certificate is issued and installed, I test the renewal, which happens perfectly via the certificate-based policy.

When I delete the policy cache, the renewal breaks (acquired as a silent error) and starts asking for credentials again. So it works as expected as long as the policy cache is there, which contains the cached password, I guess. The cache is only valid for 8 h.

I need a situation in which, without the cache, the certificate is used for authentication. Does anybody know how to realize this?

I have already read most articles mentioning the same issue.

Azure App Service
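The check the question describes (delete the enrollment policy cache, force a renewal attempt, see whether the certificate actually renews or the client falls back to prompting) can be scripted so it is repeatable on a test client. The following PowerShell is an added example, not code from the original post: it assumes the machine context, that the client already holds a certificate issued through CES/CEP, that the GPO policy-server order is applied, and that `KBR-Test` is a placeholder for the poster's template name. `certutil -policycache delete` and `certutil -pulse` are the built-in commands for clearing the cache and triggering autoenrollment; the autoenrollment event filter is an assumption about which provider logs the failure.

```powershell
# Added example (not from the original post). Run elevated on a domain-joined test client.
# Assumptions: machine context, certificate already issued via CES/CEP, template name is a placeholder.
#Requires -RunAsAdministrator

$TemplateName = 'KBR-Test'   # assumption: placeholder for the poster's template

function Get-EnrollmentPolicyServers {
    # Shows the CEP endpoints the machine knows and the auth type each one uses
    # (Kerberos, UserName, Certificate), so the GPO order can be verified first.
    Get-CertificateEnrollmentPolicyServer -Scope All -Context Machine |
        Select-Object Url, Id, FriendlyName, AuthenticationType
}

function Get-TemplateCertificate {
    param([string]$Template)
    # Picks the newest LocalMachine\My certificate issued from the given template,
    # matching on the v2 template extension (OID 1.3.6.1.4.1.311.21.7).
    $pattern = 'Template=' + [regex]::Escape($Template)
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' }
            $ext -and ($ext.Format($false) -match $pattern)
        } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

function Clear-MachinePolicyCache {
    # The step from the question: drop the cached enrollment policy for the machine
    # context so the next renewal must re-authenticate to CEP/CES instead of
    # reusing whatever the cache holds. Add -user for the user context.
    certutil.exe -policycache delete | Out-Null
}

function Get-AutoEnrollmentEvents {
    param([datetime]$Since)
    # Autoenrollment writes its outcome (including the "silent" failures) to the
    # Application log under this provider; assumption: provider name as below.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment'
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

function Invoke-RenewalCheck {
    param([string]$Template, [int]$WaitSeconds = 60)
    $before = Get-TemplateCertificate -Template $Template
    if (-not $before) { throw "No certificate from template '$Template' in LocalMachine\My" }
    $start = Get-Date

    Clear-MachinePolicyCache
    certutil.exe -pulse | Out-Null          # trigger autoenrollment now rather than waiting for the timer
    Start-Sleep -Seconds $WaitSeconds

    $after = Get-TemplateCertificate -Template $Template
    [pscustomobject]@{
        BeforeThumbprint = $before.Thumbprint
        BeforeNotAfter   = $before.NotAfter
        AfterThumbprint  = $after.Thumbprint
        AfterNotAfter    = $after.NotAfter
        Renewed          = ($after.Thumbprint -ne $before.Thumbprint)
        Events           = @(Get-AutoEnrollmentEvents -Since $start)
    }
}

# Usage:
Get-EnrollmentPolicyServers | Format-Table -AutoSize
$result = Invoke-RenewalCheck -Template $TemplateName
$result | Format-List
$result.Events | Format-Table -AutoSize
```

Two things to keep in mind when reading the result: autoenrollment only renews a certificate that is already inside its template's renewal window, so on a freshly issued certificate `Renewed` will be `$false` regardless of authentication, and a credential prompt will not appear under a non-interactive run, which is why the event list is the more useful signal for the "silent error" case the question describes.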

1 answer

  1. Vahid Ghafarpour 21,085 Reputation points
    2023-09-18T18:31:53.9866667+00:00

    When you delete the policy cache, Azure AD Conditional Access policies are re-evaluated, and if the certificate-based policy is not met (e.g., because the certificate-based policy might have conditions or requirements that are not met at that moment), Azure AD falls back to other available methods, such as username/password.

