Release Automation

  • 1.  AD User Authentication

    Posted Aug 04, 2017 03:46 AM

    Hi all,

     

    I have now completed the configuration, and users in Active Directory can log in now.

    BTW, many of you told me that an anonymous user from AD authentication can log in to ASAP but cannot do anything.

    After I passed this to my customer's security test, they could create a new application by doing something that broke the rules of the product, step by step, like this:

     

    1. They log in as a user who is not a member of any imported group.
    2. The first landing page of ASAP is Design, with the message "You have no permission for current application." (Still looks correct)
    3. They can click the Reports tab (and can also generate the Change Log).
    4. After the Reports tab is shown, they click back to the Design tab.
    5. Then the GUI of the Design tab changes a bit, 3 buttons (New Application/Save/Test) appear, and they can now create a new application.

     

    This causes 2 problems with the customer's security standard.

    1. A user who should not be authorized should not be able to perform and view Audit Logs or any reports.
    2. The user can create a new application, which poses a risk to application management in the customer's framework.

     

    I have already opened a support case for this.

    If anyone asks about ROC authentication, I have already changed and customized the authentication of ROC, and it was successful.

     

    Thank you and regards,

    Nithi P. 



  • 2.  Re: AD User Authentication

    Posted Aug 09, 2017 04:05 AM

    Hi Nithi.P, since you have already raised this as a support case for either issue, we will mark this thread closed for now and update the final solution/workaround/fix once we have it on the support case.



  • 3.  Re: AD User Authentication
    Best Answer

    Broadcom Employee
    Posted Aug 09, 2017 06:03 AM

    Hi Nithi

    Thank you for bringing this up; we have a defect raised on this case. We will keep you updated.

    Regards,

    Piyush