LDAP authentication fails on CA NFA when integrated with NPC.

Article ID: 8014

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

You will see the following in the SingleSignOnAuditlogDate log:

Username: [email protected]

Remember Me: false

SSO version: 7.0

Error Message: Unable to authenticate user.

Error Message: Unable to authenticate user.

Cause

CA Support will raise this with engineering. It is possibly a bug. This KD will be updated with a bug reference if CA engineering considers this a bug.

Environment

NFA 9.3.7 on Windows 2012 R2 and NPC 6.2.103 on Windows 2008 R2, with NFA added as a data source in NPC.

Resolution

The issue was found to be with user logins of the form [email protected] in NPC.

The user is created in NPC as username, and that account is then synced down to NFA.

The user then tries to log in to NFA with [email protected]. LDAP validation succeeds, but [email protected] cannot be looked up in NFA, because the account is stored only as a username, without the domain.

You can alter the sign-in-process.jsp file so that it removes @domain.com when LDAP validation is successful; the LDAP login in NFA then works.

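Code to set in the sign-in-process.jsp file:

    ldapAuthenticationPassed = ldapAuthentication.authenticate(username, password, session, singleSignOnWSSoap);

    if (ldapAuthenticationPassed)
    {
        // LDAP accepted the full login name; NFA stores the account without the domain.
        int spaceIndex = username.indexOf("@");
        if (spaceIndex != -1)
        {
            // Keep only the part before "@" so the NFA user lookup matches.
            username = username.substring(0, spaceIndex);
        }
        // The password is not needed after LDAP validation.
        password = StringUtils.EMPTY;
    }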
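An added example, not CA's code or part of the original article: a stand-alone Java helper showing a stricter form of the same normalization, which strips the suffix only for an expected domain and rejects logins that would yield an empty or ambiguous local name. The class name, method name and the corp.example domain are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

// Added illustration; class, method and domain names are hypothetical.
public class LoginNameNormalizer {

    // Returns the local account name for a login that has already passed
    // LDAP validation, or empty if the login must not be mapped.
    static Optional<String> toLocalUsername(String login, Set<String> allowedDomains) {
        if (login == null) {
            return Optional.empty();
        }
        String trimmed = login.trim();
        int at = trimmed.indexOf('@');
        if (at == -1) {
            // Already a bare username, as stored after the NPC sync.
            return trimmed.isEmpty() ? Optional.empty() : Optional.of(trimmed);
        }
        String local = trimmed.substring(0, at);
        String domain = trimmed.substring(at + 1).toLowerCase(Locale.ROOT);
        // A login of just "@domain" would otherwise become an empty username.
        if (local.isEmpty()) {
            return Optional.empty();
        }
        // Only strip suffixes that are expected, so that the same local part
        // under a different domain does not collapse onto this account.
        if (!allowedDomains.contains(domain)) {
            return Optional.empty();
        }
        return Optional.of(local);
    }

    public static void main(String[] args) {
        Set<String> allowed = Set.of("corp.example"); // constructed sample value
        String[] samples = {                          // constructed sample logins
            "jsmith", "jsmith@corp.example", "jsmith@CORP.EXAMPLE",
            "jsmith@other.example", "@corp.example", "a@b@corp.example", ""
        };
        for (String s : samples) {
            String result = toLocalUsername(s, allowed).orElse("<rejected>");
            System.out.println("'" + s + "' -> " + result);
        }
    }
}
```

The unconditional substring in the workaround maps every suffix onto the same local name, so a check of this kind matters mainly where the LDAP source can validate users from more than one domain.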

 

Additional Information

There could be other reasons for an authentication failure when using LDAP/SSO. If you are unsure of the root cause and solution, please open a support case with CA Support and consider referencing this technical document.