Enabling AD Authentication.

Article ID: 50981


Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

Description:

How to configure AD Authentication for RCM.


Environment

Component: SGRM

Resolution

Solution:

Set the following properties through the RCM portal under Administration => Settings => System Properties:

  • sage.security.disable = false
  • sage.security.disable.ADAuthentication = false
  • security.ldap.server = <domain name> (example: your_domain.com)
  • security.manager.dn = <AD bind account> (example: administrator). The DN may only be required when using SSL authentication.
  • security.manager.password = <AD bind account's password>
  • You MUST have a Login ID field in the UDB that includes the domain name (example: domain\jsmith)
  • When logging in, the user MUST provide the Login ID in that form (example: domain\jsmith)
  • sage.security.siteminder.domain.attribute = rcm_domain
  • sage.security.credentials.expiration.seconds = 60
  • sage.security.eurekify.keystore.password = (leave empty)
  • sage.security.GUID.expiration.minutes = 360
  • sage.security.disable.webpage.authorization = false
  • sage.security.siteminder.username.attribute = sm_user
  • sage.security.eurekify.keyStore.file = (leave blank)
  • sage.security.GUID.expiration.delta.seconds = 60
  • sage.security.siteminder.enabled = false
  • sage.security.disable.ADAuthentication = false
  • sage.security.disable.ssl.ADAuthentication = true
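The following script is an added example (not CA/Broadcom code) that checks a System Properties export against the settings listed above before they are applied: it parses `key = value` lines in the Java .properties style, confirms that the three switches which gate AD authentication are set as the article requires, flags placeholders that were left empty, and validates the `domain\user` form of the Login ID. The properties text embedded in it is constructed from the article's own values, and the reading of `sage.security.disable.ssl.ADAuthentication = true` as "the AD bind is made without SSL" is an assumption drawn from the key name, reported as a warning rather than an error so the article's configuration still passes.

```python
"""Sanity-check an RCM System Properties export for AD authentication.

Added example, not CA/Broadcom code. Assumes the properties are available
as 'key = value' lines (Java .properties format). The meaning attached to
sage.security.disable.ssl.ADAuthentication=true (bind without SSL) is an
assumption inferred from the key name, not documented behaviour.
"""
import re

# Switches the article requires for AD authentication to be active.
REQUIRED = {
    "sage.security.disable": "false",
    "sage.security.disable.ADAuthentication": "false",
    "sage.security.siteminder.enabled": "false",
}

# Placeholders from the article that must be filled in with a real value.
MUST_BE_SET = ("security.ldap.server", "security.manager.password")

# domain\user, as in domain\jsmith: a domain, one backslash, a non-empty user.
LOGIN_ID_RE = re.compile(r"^[A-Za-z0-9._-]+\\[^\\/\s]+$")

# Constructed sample: the article's values written out as a properties export.
SAMPLE_PROPERTIES = """
# constructed sample export
sage.security.disable = false
sage.security.disable.ADAuthentication = false
security.ldap.server = your_domain.com
security.manager.dn = administrator
security.manager.password = REPLACE_WITH_BIND_PASSWORD
sage.security.siteminder.domain.attribute = rcm_domain
sage.security.credentials.expiration.seconds = 60
sage.security.eurekify.keystore.password =
sage.security.GUID.expiration.minutes = 360
sage.security.disable.webpage.authorization = false
sage.security.siteminder.username.attribute = sm_user
sage.security.eurekify.keyStore.file =
sage.security.GUID.expiration.delta.seconds = 60
sage.security.siteminder.enabled = false
sage.security.disable.ssl.ADAuthentication = true
"""


def parse_properties(text: str) -> dict:
    """Parse 'key = value' lines; '#'/'!' start comments, blank lines are skipped.
    A key with no '=' gets an empty value, as java.util.Properties does."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_ad_auth(props: dict) -> list:
    """Return (level, message) findings; 'error' blocks AD login, 'warning' is advisory."""
    findings = []
    for key, expected in REQUIRED.items():
        actual = props.get(key)
        if actual is None:
            findings.append(("error", f"missing: {key} (expected {expected})"))
        elif actual.lower() != expected:
            findings.append(("error", f"{key}={actual} (expected {expected})"))
    for key in MUST_BE_SET:
        if not props.get(key):
            findings.append(("error", f"missing or empty: {key}"))
    if not props.get("security.manager.dn"):
        # The article says the DN may only be needed with SSL, so this is advisory.
        findings.append(("warning", "security.manager.dn is empty"))
    # Assumption: 'true' means the bind to AD is made without SSL, so the bind
    # account's credentials cross the network unprotected.
    if props.get("sage.security.disable.ssl.ADAuthentication", "").lower() == "true":
        findings.append(("warning", "AD bind configured without SSL; bind password travels in cleartext"))
    return findings


def valid_login_id(login_id: str) -> bool:
    """True when the Login ID has the domain\\user form the article requires."""
    return LOGIN_ID_RE.fullmatch(login_id) is not None


if __name__ == "__main__":
    for level, message in check_ad_auth(parse_properties(SAMPLE_PROPERTIES)):
        print(f"{level.upper()}: {message}")
    for candidate in (r"domain\jsmith", "jsmith"):
        print(candidate, "->", "ok" if valid_login_id(candidate) else "not domain\\user")
```

Run it as-is to see the one advisory finding for the article's settings; feed it a real export (with the password placeholder replaced) to catch a switch that was left at `true` before users start getting the misleading login error described below.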

If the username/password is incorrect, a misleading error message is displayed:

(This was encountered in v12.5 SP2; it may have been fixed in newer versions.)

Errors caused by a wrong username or password are NOT written to the server log file. If the RCM server cannot reach the AD, however, an error message is written to the log file.
