Hi all,
I have now completed the configuration, and users in Active Directory can log in.
BTW, many of you said that an anonymous user from AD authentication can log in to ASAP but cannot do anything.
After I passed this to my customer's security test, they were able to create a new application by breaking the rules of the product, step by step, like this:
- They log in as a user who is not a member of any imported group.
- The first landing page of ASAP is Design, with the message "You have no permission for current application." (This still looks correct.)
- They can click the Reports tab (and can also generate the Change Log).
- After the Reports tab is shown, they click back to the Design tab.
- Then the GUI of the Design tab changes a bit, 3 buttons (New Application/Save/Test) appear, and they can now perform New Application.
This has 2 problems with regard to the customer's security standard:
- A user who should not be authorized should not be able to perform and view Audit Logs or any reports.
- A user can create a new application, which poses a risk to application management in the customer's framework.
I have already opened a support case for this.
If anyone asks about ROC authentication, I have already changed and customized the authentication of ROC, and it was successful.
Thank you and regards,
Nithi P.