Symantec Access Management

  • 1.  Login Page with Active directory authentication

    Posted Mar 30, 2015 10:05 AM

    My SiteMinder environment is configured with Oracle directory services for authentication and authorization purposes. If I want to configure one or some URLs with Active Directory for authentication and authorization, how will I configure it? At present I have utilized the Windows Authentication scheme, but it's working as IWA. I want to configure a login page with Active Directory for authentication and authorization. Please help.



  • 2.  Re: Login Page with Active directory authentication

    Posted Mar 30, 2015 11:45 AM

    Karthik Karthikchari

     

    In a very crude, basic setup (as we do not know much about the infrastructure):

     

    /URL1 ---> Protected via PolicyDomain1 / Realm --> Realm is linked to AuthScheme Basic.

    /URL2 ---> Protected via PolicyDomain2 / Realm --> Realm is linked to AuthScheme IWA.

    /URL3 ---> Protected via PolicyDomain3 / Realm --> Realm is linked to AuthScheme HTML Forms.

     

    PolicyDomain1 is linked to ODS.

    PolicyDomain2 and PolicyDomain3 are linked to AD.

     

    NOTE: In the above use case all URLs are different. Hence it is easy to segregate the protection mechanisms. If your use case is different, kindly break down the use case, giving some example like the above. If you wish to use the same URL for IWA and Forms, there is no solution OOB [you'll need customization].

     

     

    Regards

     

    Hubert



  • 3.  Re: Login Page with Active directory authentication

    Posted Mar 30, 2015 03:26 PM

    Thanks for your reply Hubert,

     

    I have also tried configuring HTML Forms as the auth scheme and mapping the AD user directory in the domain, but I'm unable to successfully access the resource; it keeps on coming back to the same login page.



  • 4.  Re: Login Page with Active directory authentication

    Posted Mar 30, 2015 03:34 PM

    That suggests to me an authentication failure (check the smaccess.log on the Policy Server).

     

    Things to check:

    • Check the User Directory Search Filter (you may have set it to a value which is conducive for IWA to work, as per the IWA documentation steps). The User Directory filter for HTML Forms should work if your IWA journey is working. But it is always good to glance back and check.
    • Enable the Policy Server trace logs to see what LDAP query is being sent to AD.

     

    Regards

     

    Hubert



  • 5.  Re: Login Page with Active directory authentication

    Posted Mar 30, 2015 10:42 PM

    Hi,

     

    In addition to what Hubert mentioned, the AD and Oracle directory search filters are different. AD uses samAccountName while Oracle directory server uses uid.

    The smaccess log and Policy Server trace log will give us better hints on why the user is unable to log in.

     

    Regards,

    Kar Meng
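
The filter difference raised in replies 4 and 5, as an added example that is not code from the thread or from SiteMinder: it builds the LDAP filter for a username typed into a login form and evaluates it against a tiny in-memory directory, showing that a uid-style lookup finds no entry in an AD-shaped directory while a sAMAccountName lookup does. The lookup start/end strings, sample entries, DNs and function names are all constructed assumptions, and the username is escaped per RFC 4515 so it is always treated as a literal value.

```python
import re

# Constructed sample entries (not from the thread): the same person in each directory.
AD_ENTRIES = {"CN=Jane Doe,OU=Staff,DC=example,DC=com": {"sAMAccountName": "jdoe", "cn": "Jane Doe"}}
ODS_ENTRIES = {"uid=jdoe,ou=People,dc=example,dc=com": {"uid": "jdoe", "cn": "Jane Doe"}}

# Hypothetical lookup start/end strings wrapped around the typed username.
ODS_LOOKUP = ("(uid=", ")")
AD_LOOKUP = ("(sAMAccountName=", ")")

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape filter metacharacters per RFC 4515 so the input stays a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(lookup, username):
    """Wrap the escaped username in the directory's lookup start and end strings."""
    start, end = lookup
    return f"{start}{escape_filter_value(username)}{end}"


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def search(entries, ldap_filter):
    """Evaluate a single equality filter, (attr=value), against the sample entries."""
    m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()*]*)\)", ldap_filter)
    if m is None:
        raise ValueError(f"unsupported filter: {ldap_filter}")
    attr, wanted = m.group(1).lower(), _unescape(m.group(2)).lower()
    return [dn for dn, attrs in entries.items()
            if any(k.lower() == attr and v.lower() == wanted for k, v in attrs.items())]


def resolve(entries, lookup, username):
    """Return the DNs a login-form username resolves to under a given lookup."""
    return search(entries, build_filter(lookup, username))


if __name__ == "__main__":
    for label, lookup in (("ODS-style", ODS_LOOKUP), ("AD-style", AD_LOOKUP)):
        print(label, build_filter(lookup, "jdoe"), "->", resolve(AD_ENTRIES, lookup, "jdoe"))
```

Comparing the filter printed here with the LDAP query recorded in the Policy Server trace log is the quickest way to confirm which attribute the AD user directory is actually searching on.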