CA Service Management


USS onboard tenant multiple domain

  • 1.  USS onboard tenant multiple domain

    Posted Dec 12, 2017 01:30 PM

    I created a new onboard tenant and defined its domain (that appears in the login page).

    The problem is that I have users from other domains that need to access the same onboard tenant.

    Is it possible to configure it that way?



  • 2.  Re: USS onboard tenant multiple domain

    Broadcom Employee
    Posted Dec 13, 2017 03:58 PM

    Hi Paulo,

     

    You should be able to add a second value under the initial domain in the file C:\Windows\System32\drivers\etc\hosts on the client machine for the onboarded tenant, for example:

     

    USSIPADDRESS test.company1.com
    USSIPADDRESS test.company2.com

     

    This will be interpreted as a virtual host on your server and it should be recognized by the DNS.

     

    Thanks,
    Scott



  • 3.  Re: USS onboard tenant multiple domain

    Posted Dec 14, 2017 05:41 AM

    Hi

     

    This is not what I want.

    I will continue to access the USS onboard tenant by the same address (http://construdecor.baymetrics.com.br:8686)

    My default domain is construdecor.com.br, but what I need is to be able to log in with users from other domains like @dicico.com.br and @sodimac.com.br.

    In my EEM I already have the LDAP servers from these domains configured, so the users from those domains are available.

    I already have the users for these domains in SDM and Catalog.



  • 4.  Re: USS onboard tenant multiple domain

    Posted Dec 14, 2017 07:26 AM

    Paulo,

    First of all, I strongly advise you to turn this to https as quickly as possible!!!!

    Your site is publicly available, with a login page exposing your end users' domain credentials.

    /J



  • 5.  Re: USS onboard tenant multiple domain

    Broadcom Employee
    Posted Dec 14, 2017 09:15 AM

    Paulo,

    In your hosts file, C:\Windows\System32\drivers\etc\hosts

     

    You have:

    USSIPADDRESS construdecor.com.br

     

    And users from the construdecor.com.br domain are able to log in, correct?

     

    If you add:

    USSIPADDRESS dicico.com.br

    Below the first entry, users from dicico.com.br are not able to log in, correct?

     

    If so, do they receive a specific error?

    Perhaps you can capture the error in the USS Liferay log and post it?

    Thanks,
    Scott



  • 6.  Re: USS onboard tenant multiple domain

    Posted Dec 14, 2017 05:41 PM

    Hello Paulo,

    I have USS with some domain and it's possible for users from another domain to log in.

    If you already have those domains in EEM, those users should be able to log in to USS. Please tell me what the error is when trying to log in.

     

    Regards,



  • 7.  Re: USS onboard tenant multiple domain
    Best Answer

    Posted Dec 15, 2017 11:26 AM

    Hi

     

    I opened a ticket with support and, while analysing, we discovered that the problem is that the user from the second domain has the same userid in AD, so when USS tries to create the new user it is not possible because of the same screen name.



  • 8.  Re: USS onboard tenant multiple domain

    Posted Dec 15, 2017 12:12 PM

    You may want to change to using the email address instead of the screen name in the Liferay configuration to avoid that.

    I also believe that USS itself uses the email address to connect back to SDM and SC.

    My 2cents

    /J



  • 9.  Re: USS onboard tenant multiple domain

    Posted Dec 15, 2017 12:16 PM

    And do you know how to change this in liferay config?



  • 10.  Re: USS onboard tenant multiple domain

    Posted Dec 15, 2017 12:26 PM

    After a successful logon to USS with an admin account:

    Modify the URL in your browser to: <yourdomainpath>/group/control_panel

    Scroll down the left menu to the portal settings.

    On the right side menu, under configuration, select authentication.

    Then in the dropdown menu "How do users authenticate" select email.

    Don't forget to save.

    The downside of this is that you will need to inform your users to use their email address to log on to USS instead of their userid, but as the email will mostly be different per domain you must not have duplicates anymore.

     

    /J



  • 11.  Re: USS onboard tenant multiple domain

    Posted Dec 15, 2017 12:37 PM

    My system is already with that configuration.

    The problem is that, for some reason, when USS tries to create a new user it also validates the userid in AD, and this name matches the screen name in USS.

    The screen name must be unique, so 2 equal usernames with different email addresses are not both able to have a user in USS.



  • 12.  Re: USS onboard tenant multiple domain

    Posted Dec 15, 2017 12:43 PM

    Well, then your problem is not with the authentication but with the import of your users.

    Then modify the mapping in the LDAP configuration to change the screen name to be the email address instead of the sAMAccountName, and revert the previous change to use the screen name.

    This must fix your problem.

    Hope this helps

    /J
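
A pre-import check for the collision diagnosed in posts 7 and 11 and the mapping change suggested in post 12, added here as an example that is not part of the thread or of the product's tooling: it finds user IDs shared across domains and checks whether the mail attribute would be unique if mapped to the screen name. The user records are constructed, and the case-insensitive comparison is an assumption about how screen names are compared.

```python
from collections import defaultdict

# Constructed sample directory export (not real accounts); the domains are
# the ones named in the thread.
SAMPLE_USERS = [
    {"domain": "construdecor.com.br", "sAMAccountName": "jsilva",
     "mail": "jsilva@construdecor.com.br"},
    {"domain": "dicico.com.br", "sAMAccountName": "JSilva",
     "mail": "jsilva@dicico.com.br"},
    {"domain": "sodimac.com.br", "sAMAccountName": "mcosta",
     "mail": "mcosta@sodimac.com.br"},
    {"domain": "dicico.com.br", "sAMAccountName": "apereira", "mail": ""},
]


def collisions(users, attribute):
    """Return {value: [domains]} for attribute values used by more than one entry.

    Values are compared case-insensitively (assumption, see lead-in).
    """
    seen = defaultdict(list)
    for user in users:
        value = (user.get(attribute) or "").strip().lower()
        if value:
            seen[value].append(user["domain"])
    return {value: domains for value, domains in seen.items() if len(domains) > 1}


def missing(users, attribute):
    """Accounts with no value for the attribute, which cannot be mapped from it."""
    return [u["sAMAccountName"] for u in users
            if not (u.get(attribute) or "").strip()]


def report(users):
    """Summarise what would break with each candidate screen-name mapping."""
    return {
        "sam_collisions": collisions(users, "sAMAccountName"),
        "mail_collisions": collisions(users, "mail"),
        "missing_mail": missing(users, "mail"),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_USERS).items():
        print(key, value)
```

Accounts listed under `missing_mail` would need a mail value before an email-based screen-name mapping could import them.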