Enabling AD Authentication.


Article ID: 50981




CA Identity Manager, CA Identity Governance, CA Identity Portal



How to configure AD Authentication for RCM.


Component: SGRM



Set the following properties through the RCM portal under Administration => Settings => System Properties:

  • sage.security.disable = false
  • sage.security.disable.ADAuthentication = false
  • security.ldap.server = <domain name> (example: your_domain.com)
  • security.manager.dn = <AD bind account> (example: administrator). The DN might be required only when using SSL authentication.
  • security.manager.password = <AD bind account's password>
  • Each user MUST have a Login ID field in the UDB that includes the domain name (example: domain\jsmith)
  • When logging in, the user MUST provide the Login ID (example: domain\jsmith)
  • sage.security.siteminder.domain.attribute = rcm_domain
  • sage.security.credentials.expiration.seconds = 60
  • sage.security.eurekify.keystore.password = (leave empty)
  • sage.security.GUID.expiration.minutes = 360
  • sage.security.disable.webpage.authorization = false
  • sage.security.siteminder.username.attribute = sm_user
  • sage.security.eurekify.keyStore.file = (leave blank)
  • sage.security.GUID.expiration.delta.seconds = 60
  • sage.security.siteminder.enabled = false
  • sage.security.disable.ssl.ADAUthentication = true
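
An added example, not part of the original article or the product: a small Python audit that compares an exported copy of these system properties with the values listed above and checks Login IDs for the domain\user form. The `key = value` export format, the sample data, the last-value-wins rule and the function names are assumptions.

```python
import re

# Keys copied from the article's property list; the article sets each to "false".
MUST_BE_FALSE = (
    "sage.security.disable", "sage.security.disable.ADAuthentication",
    "sage.security.siteminder.enabled", "sage.security.disable.webpage.authorization",
)
SSL_KEY = "sage.security.disable.ssl.ADAUthentication"
LOGIN_ID = re.compile(r"^[^\\\s]+\\[^\\\s]+$")  # domain\user, e.g. domain\jsmith
# Constructed sample export (hypothetical "key = value" format, not from the page).
SAMPLE = """\
sage.security.disable = false
sage.security.disable.ADAuthentication = true
security.ldap.server = example.test
security.manager.dn = administrator
sage.security.siteminder.enabled = false
sage.security.disable.ssl.ADAUthentication = true
sage.security.disable.ADAuthentication = false
"""

def parse_properties(text):
    """Return (props, keys set more than once); the last value wins (assumption)."""
    props, dupes = {}, []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.lstrip().startswith("#"):
            continue  # skip blank lines, comments and anything without "="
        key = key.strip()
        if key in props:
            dupes.append(key)
        props[key] = value.strip()
    return props, dupes

def audit(text, login_ids=()):
    props, dupes = parse_properties(text)
    findings = [f"DUPLICATE {k}" for k in dupes]  # conflicting entries are ambiguous
    for key in MUST_BE_FALSE:
        got = props.get(key)
        if got is None:
            findings.append(f"MISSING {key}")
        elif got.lower() != "false":
            findings.append(f"MISMATCH {key}={got} (article: false)")
    findings += [f"MISSING {k}" for k in ("security.ldap.server",) if not props.get(k)]
    # The bind DN and its password only make sense as a pair.
    if bool(props.get("security.manager.dn")) != bool(props.get("security.manager.password")):
        findings.append("INCOMPLETE bind account: set both DN and password")
    if props.get(SSL_KEY, "").lower() == "true":  # reading of the key name
        findings.append(f"NOTE {SSL_KEY}=true: SSL is disabled for the AD bind")
    findings += [f"BAD_LOGIN_ID {u}" for u in login_ids if not LOGIN_ID.match(u)]
    return findings
```

Calling `audit(SAMPLE, ["domain\\jsmith", "jsmith"])` returns one finding per deviation; an empty list means the export matches the article's values.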

If the username/password is not correct, a misleading error message will be displayed:

(This was encountered in v12.5 SP2; it might have been fixed in newer versions.)

Errors related to a wrong username/password will NOT be logged in the server log file. However, if the RCM server can't access the AD, an error message will be logged in the log file.