
DisableState Attribute mapping while configuring external administrator authentication store for WAMUI


Article ID: 21009


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Description:

When WAMUI is configured for external authentication with AD and the userAccountControl attribute is used for the Disabled State, the user is unable to log in to the Admin UI.

Solution:

The %DISABLE% field is a SiteMinder-managed field and must be configured to use an EMPTY or NON externally managed field.

In this case the customer was using an externally managed field (userAccountControl) to control the disablement of the user, but because it does not use the SiteMinder entries, it does not work.

When AD is used as an external Admin user store, userAccountControl is always checked in addition to the %DISABLE% field, so the customer should have the functionality they require without having to specify it in the %DISABLE% field.

The order of checking for AD is the %DISABLE% field, then the userAccountControl field.

The customer should therefore configure the %DISABLE% field to point to an empty field in AD.

For example, if DisableState is mapped to CarLicense, which is generally an empty attribute, external authentication should work fine.
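
A pre-check for the mapping described above, as an added example that is not part of the original article or of SiteMinder: it reads an LDIF export of the administrator entries and reports which entries already hold a value in the candidate attribute (so it is not actually empty) and which are disabled in AD through the ACCOUNTDISABLE bit (0x0002) of userAccountControl. The sample entries and the function names are constructed for illustration; line folding in LDIF is not handled.

```python
ACCOUNTDISABLE = 0x0002  # AD userAccountControl flag for a disabled account

# Constructed sample export (not real data).
SAMPLE_LDIF = """\
dn: CN=smadmin1,OU=Admins,DC=example,DC=com
sAMAccountName: smadmin1
userAccountControl: 512

dn: CN=smadmin2,OU=Admins,DC=example,DC=com
sAMAccountName: smadmin2
userAccountControl: 514
carLicense: ABC-123

dn: CN=smadmin3,OU=Admins,DC=example,DC=com
sAMAccountName: smadmin3
userAccountControl: 66048
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF records separated by blank lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith(("#", " ")) or ": " not in line:
                continue  # comments, folded continuations, malformed lines
            name, value = line.split(": ", 1)
            entry.setdefault(name.rstrip(":").lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_disable_mapping(entries, candidate):
    """Return (DNs where candidate is populated, DNs disabled in AD)."""
    populated, ad_disabled = [], []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        if any(v for v in e.get(candidate.lower(), [])):
            populated.append(dn)  # attribute is not empty for this admin
        uac = int(e.get("useraccountcontrol", ["0"])[0])
        if uac & ACCOUNTDISABLE:
            ad_disabled.append(dn)  # AD itself reports the account disabled
    return populated, ad_disabled

if __name__ == "__main__":
    populated, ad_disabled = check_disable_mapping(parse_ldif(SAMPLE_LDIF), "carLicense")
    print("candidate attribute already populated on:", populated)
    print("disabled in AD via userAccountControl:", ad_disabled)
```

An empty first list means the candidate attribute is unused on every exported administrator entry and is suitable as the %DISABLE% target.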

Environment

Component: SMAUI