Service Virtualization

  • 1.  Unable to Login with LDAP Credentials

    Posted Sep 03, 2019 10:26 AM
    Edited by Chaya Pothuraju Sep 03, 2019 11:15 AM
    Hello,
    We run 3 servers on DevTest 10.3, with LDAP configured for SSO, for Functional and Performance testing. With the release of the new DevTest version, we are now planning to upgrade to 10.5 to leverage the latest features. For this, we started by installing DevTest 10.5 on a dev VM before upgrading the rest. All the Virtualization features work in 10.5, except the LDAP integration with IAM.
    I followed the following steps to integrate LDAP with IAM in 10.5:

    1. Copy LDAP Configurations (Authentication Provider and LDAP mapping files) from our existing servers.
    2. Import them into the Dev VM and upload them to IAM via the Import LDAP Authentication Provider screen.
    3. Upon importing, verify if the LDAP groups imported are set with the appropriate roles in DevTest.

    Once this is done, I was able to test the LDAP connection and test the Authentication successfully. Post validation, I restarted the services and tried logging in through the LDAP credentials into IAM and Enterprise Dashboard. However, I get the following error:

    I've tried different mappings of the username attribute but nothing seems to work.
    Appreciate any help on this topic.

    Thanks,
    Chaya Pothuraju.


  • 2.  RE: Unable to Login with LDAP Credentials

    Broadcom Employee
    Posted Sep 03, 2019 11:26 AM
    Hi Chaya,
    This looks like a configuration-related issue for sure. Please could you try the following steps:

    1. In the LDAP configuration screen, assign a 'Default role'. It's empty as of now (as noticed from the screenshot that has been shared).
    2. Save the configuration and login to portal as an LDAP user

    Please let me know if it resolves the issue. If not, we shall have a webex session to go over this.

    -Sankar

    ------------------------------
    Sankar Natarajan
    Service Virtualization Product Engineering Team
    Broadcom
    ------------------------------



  • 3.  RE: Unable to Login with LDAP Credentials

    Posted Sep 03, 2019 11:56 AM
    Hello Sankar,
    Thank you for the quick reply.

    I tried changing the configuration to set a default role and then tried logging in from the portal. However, I'm still not authenticated with the LDAP credentials.
    This is the error that I'm getting on the Portal:

    Can you kindly suggest the next steps in fixing this issue.

    Thanks,
    Chaya Pothuraju.


  • 4.  RE: Unable to Login with LDAP Credentials

    Broadcom Employee
    Posted Sep 03, 2019 12:15 PM
    Hi Chaya,
    Please try the following steps to diagnose further:

    1. Login to IAM as admin user and search for LDAP users from 'Manage Users'
    2. Try to login to IAM as LDAP User and see if you are able to login


    regards
    Sankar


    ------------------------------
    Sankar Natarajan
    Service Virtualization Product Engineering Team
    Broadcom
    ------------------------------



  • 5.  RE: Unable to Login with LDAP Credentials

    Posted Sep 03, 2019 12:32 PM
    Hello Sankar,
    I logged into IAM with the admin credentials and these are the users (the default users) that I can find under Manage Users:


    Also, I'm unable to login to IAM with my LDAP credentials. I tried logging into IAM, Enterprise Dashboard, Registry and Portal after configuring the LDAP on IAM and none of them were able to authenticate my LDAP user. Even though the Tests for LDAP connection and LDAP Authentication are successful, I don't think DevTest is able to hit LDAP with the information entered on the login page (this is strictly my observation).

    I also failed to find any useful information in the IAM logs to troubleshoot this issue. So, can you kindly suggest what we can do next.

    Thanks,
    Chaya.


  • 6.  RE: Unable to Login with LDAP Credentials

    Broadcom Employee
    Posted Sep 04, 2019 02:09 AM
    I can have a quick look at your configuration over a webex. Please let me know what time works for you. Btw, I am in IST (India Standard Time).


    ------------------------------
    Sankar Natarajan
    Service Virtualization Product Engineering Team
    Broadcom
    ------------------------------



  • 7.  RE: Unable to Login with LDAP Credentials
    Best Answer

    Broadcom Employee
    Posted Sep 04, 2019 08:00 PM
    We had the webex and figured out that the username needs to be assigned 'sAMAccountName' instead of cn, as user IDs are stored in sAMAccountName as per their LDAP schema. cn contained the full name of the user.

    This was identified by enabling printing of LDAP queries in the server.log file of IAM. This is how it was done:

    File: LISA_HOME\IdentityAccessManager\standalone\configuration\standalone.xml


    Add the following few lines at the same level as the other loggers in the file, around line 120. Save the file and restart IAM. With this change, you will be able to see the LDAP queries invoked from IAM to your LDAP server.

    <logger category="org.keycloak.storage.ldap">
        <level name="DEBUG"/>
    </logger>



    ------------------------------
    Sankar Natarajan
    Service Virtualization Product Engineering Team
    Broadcom
    ------------------------------
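
Added example, not part of the original thread and not DevTest or Keycloak code: a small offline check of which attribute resolves a typed login ID, so the username attribute can be confirmed before it is changed in IAM. The LDIF records, the `example.test` names and the candidate attribute list are constructed assumptions that mirror the schema described in the answer above (cn = full name, sAMAccountName = user ID).

```python
"""Find which LDAP attribute actually holds the login ID (constructed data)."""

# Constructed LDIF sample in the shape described in the thread:
# cn carries the full name, sAMAccountName carries the user ID.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Users,DC=example,DC=test
objectClass: user
cn: Jane Doe
sAMAccountName: jdoe
mail: jane.doe@example.test

dn: CN=Ravi Kumar,OU=Users,DC=example,DC=test
objectClass: user
cn: Ravi Kumar
sAMAccountName: rkumar
mail: ravi.kumar@example.test
"""

def parse_ldif(text):
    """Parse simple, unfolded 'attr: value' LDIF records into dicts of lists."""
    entries = []
    for record in text.strip().split("\n\n"):
        entry = {}
        for line in record.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def search(entries, attr, login):
    """Emulate the equality filter (attr=login); matching is case-insensitive."""
    want = login.casefold()
    return [e["dn"][0] for e in entries
            if any(v.casefold() == want for v in e.get(attr, []))]

def username_attribute_candidates(entries, logins,
                                  attrs=("cn", "uid", "sAMAccountName", "mail")):
    """Return attributes for which every typed login resolves to exactly one entry."""
    return [a for a in attrs
            if all(len(search(entries, a, login)) == 1 for login in logins)]

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for attr in ("cn", "sAMAccountName"):
        print(f"({attr}=jdoe) ->", search(entries, attr, "jdoe") or "no entry")
    print("usable username attribute(s):",
          username_attribute_candidates(entries, ["jdoe", "rkumar"]))
```

The DEBUG logger from the post writes the LDAP queries, including the usernames being looked up, to server.log, so remove it again once the mapping is confirmed.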



  • 8.  RE: Unable to Login with LDAP Credentials

    Posted Feb 04, 2020 08:04 AM
    Hello Sankar, I believe I am having this same issue. Do you have the steps to correctly map or could we have a Webex?


  • 9.  RE: Unable to Login with LDAP Credentials

    Broadcom Employee
    Posted Feb 04, 2020 08:10 AM
    Hi Martin,
    Please could you report a support case for this. Our support teams will assist you.

    --
    regards
    Sankar Natarajan