Governance - Cant authenticate with IM users in Portal Governance

book

Article ID: 223768

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

Trying to authenticate in IG with IM users and authentication of same user is working fine in IM side but in IG it's fails.

Cause

1. Please, review if IM authentication is properly enabled reviewing documentation 
2. If IM authentication is properly enabled following the documentation  also check if the settings were changed if restarted IG to apply the changes. (See article ID: 6892 - No password enforcement in CA Identity Portal despite security being enabled)
3. One last possible cause if associations of fields between IM and IG for authentication proposes is not well configured

Environment

Release : 14.2

Component :

Resolution

1. The Universe "Usuarios_auth_Governance" to import data from IDM was using the field "Configuration Users Login Field as "UserName"
2. the Universe "Usuarios_auth_Governance" Connectivity tab was associating the IG Field "User Name" with IM "Login Id"  field

3. The first user tested worked because:

IG - PersonId = USERA / IM userid = USERA
IG - User Name = USERA / IM Login Id = USERA
Login in IM by USERA user working fine
Login in IG by USERA user working fine

4. The second user worked authentication in IM but failed the authentication in IG:

IG - PersonId = 1036659157 / IM userid = 1036659157
IG - User Name = USERB / IM Login Id = USERB
Login in IM by USERB user working fine
Login in IG by USERB always FAILS.

5 - So edited the Universe "Usuarios_auth_Governance" and changed the field "Configuration Users Login Field" from "UserName" to "PersonId".

6- Ran again a new Import from IM to IG and both use cases above worked fine.

For IG works needs match the Personid field with IM unique field that in this case is User Id.
When authenticating in IG User Console User will enter with the UserName field as IG User Name (same than IM Login ID) and  IG will authentication will go internally to IM with the PersonID that in this case matches with Userid and authentication will proceed.