Enabling AD Authentication.
Article ID: 50981
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
Description:
How to configure AD Authentication for RCM.
Environment
Release: Component: SGRM
Resolution
Solution:
Set the following properties through the RCM portal under Administration => Settings => System Properties:

sage.security.disable = false
sage.security.disable.ADAuthentication = false
security.ldap.server = <domain name> (example: you_domain.com)
security.manager.dn = <AD bind account> (example: administrator). The DN might be required only when using SSL authentication.
security.manager.password = <AD bind account's password>

You MUST have a Login ID field in the UDB with the domain name (example: domain\jsmith).
When logging in, the user MUST provide the Login ID (example: domain\jsmith).

sage.security.siteminder.domain.attribute = rcm_domain
sage.security.credentials.expiration.seconds = 60
sage.security.eurekify.keystore.password = (leave empty)
sage.security.GUID.expiration.minutes = 360
sage.security.disable.webpage.authorization = false
sage.security.siteminder.username.attribute = sm_user
sage.security.eurekify.keyStore.file = (leave blank)
sage.security.GUID.expiration.delta.seconds = 60
sage.security.siteminder.enabled = false
sage.security.disable.ssl.ADAUthentication = true

If the username/password is not correct, a misleading error message will be displayed:
(This was encountered in v12.5 SP2; it might have been fixed in newer versions.)
Errors related to a wrong username/password will NOT be written to the server log file. However, if the RCM server can't access the AD, an error message will be logged in the log file.
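Because a wrong username/password is not logged and produces a misleading message, the bind account and a test Login ID can be checked against AD outside RCM to tell the two failure cases apart. The following is an added example, not CA/Broadcom code and not how RCM itself is documented to bind; the function names are hypothetical. It assumes the AD server accepts an LDAP simple bind on port 389 (or 636 with TLS) with the login given in the domain\user form.

```python
import socket
import ssl

def _tlv(tag, value):
    """BER-encode one tag/length/value element."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def _read(buf, pos):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length, which directory servers often send
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(login, password):
    """LDAPv3 simple BindRequest (RFC 4511) with messageID 1."""
    op = _tlv(0x02, b"\x03") + _tlv(0x04, login.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, op))

def bind_result(response):
    """Return the resultCode carried in a BindResponse message."""
    _, msg, _ = _read(response, 0)   # LDAPMessage SEQUENCE
    _, _, pos = _read(msg, 0)        # messageID
    tag, op, _ = _read(msg, pos)     # protocolOp
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    return int.from_bytes(_read(op, 0)[1], "big")

CODES = {0: "credentials accepted", 8: "stronger authentication required",
         49: "invalid credentials (the case RCM does not log)"}

def check_bind(server, login, password, use_tls=False, timeout=5):
    if not password:  # empty password is an unauthenticated bind; it proves nothing
        return "refused: empty password"
    try:
        sock = socket.create_connection((server, 636 if use_tls else 389), timeout)
        if use_tls:
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=server)
        with sock:
            sock.sendall(bind_request(login, password))
            code = bind_result(sock.recv(4096))
    except OSError as exc:  # the case RCM does write to its log file
        return f"AD unreachable: {exc}"
    except (IndexError, ValueError) as exc:
        return f"unexpected reply: {exc}"
    return CODES.get(code, f"LDAP resultCode {code}")
```

With `use_tls=False` the password crosses the network in cleartext, as any non-SSL simple bind does, so run the check from the RCM host itself or pass `use_tls=True` where the AD server offers LDAPS.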