User unable to login WAMUI over external admin authentication


Article ID: 259930


Products

SITEMINDER
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Federation (SiteMinder)

Issue/Introduction

After a policy server upgrade, one admin user is not able to log in to WAMUI over external admin authentication.

The external admin authentication directory is AD. Some users from one OU can log in, but others from a different OU cannot.

The user whose login fails receives the on-screen error below:

Environment

Release : 12.8.06

Cause

The external admin authentication login not only compares the user ID and password, but also verifies user groups and other LDAP attributes.

During external admin authentication connection configuration, the administrator must map an LDAP attribute to "Disabled State".

The customer chose "userCertificate" as the "Disabled State" attribute, which is an incorrect LDAP attribute type.

That explains why the login screen and logs show garbage characters, some of which even relate to a certificate.

Resolution

During external admin authentication connection configuration, when asked to select an LDAP attribute as "Disabled State": for AD, the attribute should be "userAccountControl"; for other LDAP directories, the attribute could be carLicense.

Re-establishing the external admin authentication connection from the Admin UI with the correct attribute resolves the problem.
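The following check is an added example, not code from the product or from this article's author. It shows why the two attributes behave differently: in AD, userCertificate holds binary DER data, while userAccountControl holds a decimal bitmask whose 0x0002 bit (ACCOUNTDISABLE) marks a disabled account. The function names and the sample values are constructed for illustration, and the raw values are assumed to have been read from the directory beforehand; the check does not reproduce how the policy server itself evaluates the attribute.

```python
ACCOUNTDISABLE = 0x0002  # Active Directory userAccountControl flag: account is disabled


def classify_value(raw: bytes) -> str:
    """Classify one raw LDAP attribute value as 'binary', 'integer' or 'text'."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "binary"          # e.g. DER-encoded certificate bytes
    if not text.isprintable():
        return "binary"          # control characters: not a readable flag value
    digits = text.strip().lstrip("-")
    if digits.isascii() and digits.isdigit():
        return "integer"
    return "text"


def review_mapping(attr_name: str, raw_values: list) -> dict:
    """Review the attribute picked for "Disabled State" against values from one entry.

    A mapping is reported unsuitable when any value is binary, because such
    values cannot be rendered or compared as a flag and show up as garbage.
    """
    kinds = sorted({classify_value(v) for v in raw_values})
    result = {"attribute": attr_name, "kinds": kinds, "suitable": "binary" not in kinds}
    # Only for AD's userAccountControl is the disabled bit well defined.
    if attr_name.lower() == "useraccountcontrol" and kinds == ["integer"]:
        result["ad_disabled"] = any(
            int(v.decode("utf-8")) & ACCOUNTDISABLE for v in raw_values
        )
    return result


# Constructed sample values (not taken from any real directory).
SAMPLE_CERT = bytes.fromhex("308203a130820289a0030201020210")  # start of a DER SEQUENCE
SAMPLE_UAC_ENABLED = b"512"    # NORMAL_ACCOUNT
SAMPLE_UAC_DISABLED = b"514"   # NORMAL_ACCOUNT | ACCOUNTDISABLE

if __name__ == "__main__":
    for name, values in [
        ("userCertificate", [SAMPLE_CERT]),
        ("userAccountControl", [SAMPLE_UAC_ENABLED]),
        ("userAccountControl", [SAMPLE_UAC_DISABLED]),
        ("carLicense", []),  # attribute absent on the entry
    ]:
        print(review_mapping(name, values))
```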
