Cannot login as an Advanced Auth Admin console when using a User from an LDAP Organization

Article ID: 100423


Products

CA Rapid App Security CA Advanced Authentication

Issue/Introduction

Users sometimes assume that they can log in to the Admin console with an LDAP user that is merely associated with the organization. CA Strong Authentication requires that any such user first be promoted to an Admin role, and that the Admin be tied to saved Admin credentials. If the user is not promoted to an Admin, logging on to the Admin console via a URL such as http://hostname:port/arcotadmin/arcotadminlogin.htm will always fail with an authentication error.

Environment

CA Strong Authentication Admin UI

Cause

Security policy requires that a User be promoted to an Admin and that the Admin be tied to securely configured credentials. A User that has not been promoted to an Admin will therefore fail authentication at the Admin console.

Resolution

Any User that is associated with an LDAP organization and needs to manage other organizations must be promoted from User to an Admin role. Here are the steps:

1. Log in as MA (Master Administrator).
2. Navigate to the "Users and Administrators" tab.
3. On the "Search Users and Administrators" screen, enter the LDAP organization's "Display Name" in the "Organization" field and click "Search".
4. Click on the user to promote.
5. On the "Basic User Information" screen, click "Edit".
6. On the "Update Administrator" screen, click "Update Administrator Details".
7. Set the "Role" (for example, "Global Administrator") and set the Admin Password.
8. Under "Manages", move the LDAP organization into "Selected Organizations".
9. Click "Save".
10. Refresh the cache: navigate to "Services and Server Configuration", then to "Administration Console", and click "Refresh Cache".
11. Log out of MA and navigate to the Admin console, for example via the URL http://hostname:port/arcotadmin/arcotadminlogin.htm
12. Enter the "Organization Name" as the LDAP organization in which the LDAP user (now promoted to Advanced Authentication Admin) exists.

Login is now successful. In short, if an LDAP user or organization is used for admin access, the user must exist in the LDAP organization and must be promoted to an Admin role.

Additional Information

None.