Cannot login to the Advanced Auth Admin console when using a User from an LDAP Organization
Article ID: 100423
Products
CA Advanced Authentication, CA Strong Authentication, CA Risk Authentication
Issue/Introduction
Users sometimes assume that an LDAP user can be used directly as a CA Strong Authentication Admin. CA Strong Authentication requires that any user first be promoted to an Admin role and that the Admin be tied to saved Admin credentials. If the User is not promoted to an Admin, authentication always fails when logging on to the Admin console via a URL such as http://hostname:port/arcotadmin/arcotadminlogin.htm
Environment
CA Strong Authentication Admin UI
Cause
Security protocols dictate that a User be promoted to an Admin and that an Admin be tied to securely configured credentials. A User who has not been promoted to an Admin will therefore fail authentication.
Resolution
Any User that is associated with an LDAP organization and needs to manage other Organizations must be promoted from User to an Admin role. Here are the steps:
Log in as MA.
Navigate to the "Users and Administrators" tab.
On the "Search Users and Administrators" screen, enter the LDAP Organization's "Display Name" in the "Organization" field and click "Search".
Click on the user to promote.
On the "Basic User Information" screen, click "Edit".
On the "Update Administrator" screen, click "Update Administrator Details".
Set the "Role" (for example, "Global Administrator") and set the Admin password.
Set "Manages" by moving the LDAP organization into "Selected Organizations".
Click "Save".
Refresh the cache: navigate to "Services and Server Configuration", then to "Administration Console", and choose Refresh Cache.
Log out of MA and navigate to the Admin console using, for example, the URL http://hostname:port/arcotadmin/arcotadminlogin.htm
For "Organization Name", provide the LDAP Organization where the LDAP user (promoted to Advanced Authentication Admin) exists.
Login is now successful. In short, if an LDAP user / org is used for admin access, the User needs to exist in the LDAP org and needs to be promoted to an Admin role.