cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4187
Views
8
Helpful
12
Replies

PSC - ldap attributes mapping

Michal Rzepecki
Level 1
Level 1

Hi,

What LDAP attribute should I map to PSC attribute - "New Password". This is mandatory but I don't know what it is for.

Thanks,

Mike

12 Replies 12

Paul Jeffrey
Level 1
Level 1

Hi Michal

This sets the default internal password for the user (we normally just map this to sAMAccountName). However ,you could make this any mapping or default value via an expression as one would generally use External Authentication or SSO for user sign in so this password would not be relevant unless using backdoor login.

Regards,

Paul

Hi Paul,

Thanks for explanation. What should I do if I don't want anybody to have backdoor login? Map it to some empty AD attribute?  I can't just leave this field empty because this is one of required fields.


BTW how does it work? Can this "new password" be used only when PSC has no communication with AD or user can use this password anytime?


Regards,

Mike

Hi Mike

The backdoor login is something that is generally kept private and only admins or support teams should know about, in addition you can change what the backdoor URL is and also only limit it to the admin account thereby prevent any of the users to log in.

This 'New Password' would only ever be used if for some reason you disabled you login events and external authentication/sso - not something one would typically do if they had AD integration enabled - If integration with the AD does go down (for networking or other reasons) then users would be able to log into the system at all, it would not fall back to the local password - in the this scenario only the admin who knows about this backdoor URL would be able to login.

In short, we've been using the sAMAccountName mapping for this attribute for several years on our implementations and not had any issues, it is just a case of ensuring only the correct users can access the backdoor URL.

Regards,

Paul

I've done following mapping:

PSC   -   AD

---------------------------------

First Name - givenName

Last Name - sn

Login ID - userPrincipalName

Person Identification - description

Email Address - mail

Home Organizational Unit - postOfficeBox

New Password - sAMAccountName


I've configured this mapping for event - "login", step - "external authentication".


In AD , postOfficeBox attribute for my user is set to "Site Administration" which is one of Organization units in PSC.


I can't log in to PSC using my AD account michal.rzepecki@mche.edu.pl ( or MCHE\michal.rzepecki).


What else should I do?


I've used the same bind user twice (michal.rzepecki@mche.edu.pl)  - at datasource configuration (test is passed)  and in options for event - "login", step - "external authentication". Why I had to repeat bind user in this option?


Regards,

Michal



Hi Mike

The login event will require at least two steps:

Step 1:

Either SSO or External Authentication

Step 2:

Person Import - This is required to create the person object in PSC and the login event will not complete without this.

Step 3 (OPTIONAL):

Import Manager - This can be used to import the manager based on the person's supervisor field mapping.

The BindDN for the External Authentication is slightly different, this is used to authenticate the user that is logging in, this is typically set to #AnyDomain#\#LoginId# where #LoginId# is substituted with the username entered on the login screen.

However, I see you are using UPN for your Login ID, therefore you would only need to configure #LoginId# for your External Authentication event.

If you are still experiencing issues after that please post some screenshots of your config for reference.

Regards,

Paul

I've written wrong account name in last post. I'm using PSCbinduser@mche.edu.pl at datasource configuration  and in options for event - "login", step - "external authentication".  Person Import also was configured. 


I dont understand this "#LoginId# is substituted with the username entered on the login screen".  I thought that I can configure single "login" event for any user. I wanted to achieve this using universal binduser.


I still can't login using AD account.

psc1.jpg

psc2.jpg

psc3.jpg

Paul Jeffrey
Level 1
Level 1

Hi Mike

#LoginId# is a variable that is replaced with the login details of which ever user is logging in at the time, therefore in your EUA Bind DN you would simply just configure the value #LoginId#, this is then what's used to authenticate the user at login time.

I can't see any obvious issues with the mappings at this point, but what you could do is enable directory integration debugging in administration (Administration > Debugging tab on the right) - this will then allow you to test your mappings and ensure they are returning data. Also ensure that the global setting under administration is enabled for directory integration as this is disabled by default.

Lastly, if you are still facing issues I would refer to the server.log files (should be able to find this under Administration > Utilities). Could you also confirm what version of PSC you are using?

Regards,

Paul

Hi Paul,

PSC is virtual appliance version 12.0.1

I've enabled directory inegration in global settings but sill I have a problem.

Configuration is as follows

psc11.jpg

psc21.jpg

When I execute "test connection" I'm getting this log on AD server

psc31.jpg

but when I try to log in to PSC request center using AD user I'm getting this two loggs

psc41.jpg

psc51.jpg

Than I changed EUABindDN option from "MCHE\#LoginId#" to "MCHE\psc.bind" and when trying to log in to PSC request center using AD user I'm getting this one log

psc61.jpg

Of course authentication doesn't work in any case. I'm affraid bind user authentication was not succesful in any case, even if "test connection" indicates that it is ok.

Do you have any idea what is wrong?

PSC server.log doesn't show more informations that we can read from AD log.

BTW do you know where to set ntp server in PSC?

Regards,

Mike

Hi Mike

So regarding the EUA Bind DN, since you are mapping to UPN you would only configure this as #LoginId# with no domain prefix, if you were using sAMAccountName then you would include the domain prefix - what username are you entering in PSC when logging in?

Secondly, I would enable the directory debugging and then perform a search for the user under Directory Mappings to make sure all data is coming through successfully, if any of the top attributes were missing or not mapped correctly then the person import operation would fail.

Lastly, the server.log would give you a lot more detail, you can find this under the Administration > Utilities section.

NTP would probably need to be done on the OS level as root, I don't think PSC specifically has this option.

Regard,s

Paul

Ok I cleaned up my configuration -

BindDN is              MCHE\psc.bind

EUABindDN is      MCHE\#LoginId#

Binduser is propably working because I can perform search for "michal" and I'm geting proper data

psc81.jpg

With this configuration (MCHE\#LoginId#) I should login to PSC winth username "michal.rzepecki". Am I right?

When I try to do this following loggs are collected:

2017-06-28 06:20:51,869 INFO  [com.newscale.bfw.signon.filters.AuthenticationFilter] (default task-47) COR-ID=-3866691454554821206::Request initiated by: 10.249.248.9 on URI: /RequestCenter/login.signon

2017-06-28 06:20:51,885 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

2017-06-28 06:20:51,888 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

2017-06-28 06:20:51,920 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

2017-06-28 06:20:51,921 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Logger is enabled for cryptographic connection

2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log : LDAP Server Current IP address : 10.180.102.81LDAP Server Port 389LDAP Server Secure port 0

2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Client IP address 10.180.102.83

2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:LDAP Bind DN  MCHE\michal.rzepecki

2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log for LDAP  ************

2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Authentication DN:   MCHE\michal.rzepecki

2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Host and Port:    10.180.102.81  389

2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Logger is enabled for cryptographic connection

2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log : LDAP Server Current IP address : 10.180.102.81LDAP Server Port 389LDAP Server Secure port 0

2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Client IP address 10.180.102.83

2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:LDAP Bind DN  MCHE\psc.bind

2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log for LDAP  ************

2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Authentication DN:   MCHE\psc.bind

2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Host and Port:    10.180.102.81  389

2017-06-28 06:20:51,958 ERROR [com.newscale.bfw.eui.ldap.ExtUserDatasource_Ldap] (default task-47) COR-ID=-3866691454554821206::No person(customer) returned from getPerson ldap search

2017-06-28 06:20:51,958 ERROR [com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap] (default task-47) COR-ID=-3866691454554821206::Exception in EUI Import Person Operation: com.newscale.bfw.eui.EUIException: No person(customer) returned from getPerson ldap search

at com.newscale.bfw.eui.ldap.ExtUserDatasource_Ldap.getExternalPerson(ExtUserDatasource_Ldap.java:199) [classes:]

at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPerson(EUIImportPersonOperation_Ldap.java:211) [classes:]

at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPersonCommon(EUIImportPersonOperation_Ldap.java:156) [classes:]

at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPerson(EUIImportPersonOperation_Ldap.java:89) [classes:]

at com.newscale.bfw.eui.EUIOperationManager.performImportPerson(EUIOperationManager.java:578) [classes:]

at com.newscale.bfw.eui.EUIEventManager.performPostSSO(EUIEventManager.java:184) [classes:]

at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:840) [classes:]

at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:674) [classes:]

at com.newscale.bfw.signon.filters.AuthenticationFilter.doFilter(AuthenticationFilter.java:499) [classes:]

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at com.newscale.bfw.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:142) [newscale_common.jar:13.2.0.1159]

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at com.newscale.bfw.uiframework.filters.ContentResponseFilter.doFilter(ContentResponseFilter.java:34) [newscale_uiframework.jar:13.2.0.1159]

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_102]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_102]

at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]

2017-06-28 06:20:51,961 ERROR [com.newscale.bfw.signon.AuthenticationManager] (default task-47) COR-ID=-3866691454554821206::EUI Flow exception: : com.newscale.bfw.eui.EUIException: No person(customer) returned from getPerson ldap search

at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPersonCommon(EUIImportPersonOperation_Ldap.java:165) [classes:]

at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPerson(EUIImportPersonOperation_Ldap.java:89) [classes:]

at com.newscale.bfw.eui.EUIOperationManager.performImportPerson(EUIOperationManager.java:578) [classes:]

at com.newscale.bfw.eui.EUIEventManager.performPostSSO(EUIEventManager.java:184) [classes:]

at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:840) [classes:]

at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:674) [classes:]

at com.newscale.bfw.signon.filters.AuthenticationFilter.doFilter(AuthenticationFilter.java:499) [classes:]

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at com.newscale.bfw.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:142) [newscale_common.jar:13.2.0.1159]

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at com.newscale.bfw.uiframework.filters.ContentResponseFilter.doFilter(ContentResponseFilter.java:34) [newscale_uiframework.jar:13.2.0.1159]

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_102]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_102]

at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]

2017-06-28 06:20:52,088 INFO  [com.newscale.bfw.signon.filters.AuthenticationFilter] (default task-43) COR-ID=6512855781699906886::Request initiated by: 10.249.248.9 on URI: /RequestCenter/default-login.jsp

Hi Mike

To this question:

With this configuration (MCHE\#LoginId#) I should login to PSC winth username "michal.rzepecki". Am I right?

When I try to do this following loggs are collected:

Only if you are using sAMAccountName as the LoginId mapping, I see you are currently using UPN, if you use UPN then you could try only use #LoginId#, if you leave the EUABindDN as is then try change your directory mapping to use sAMAccountName as the Login ID, also I'm not sure if this has an effect, but we generally make the Person Identification the same as the Login ID, so try update that to either the UPN or sAMAccountName depending on the approach you use.

However, based on the logs it almost looks the authentication step is working but the import is failing, so you can try update the Person Identification as I mentioned above, if that fails then try go the sAMAccountName route instead of UPN and see if that works.

Regards,

Paul

It was only necessary to understand until the end that there is a LoginID mapping in the Mapping section and in the Event-Login section. If you specify sAMAccountName in Mapping, then in Event-Login-External Autentication MCHE \ # LoginId #, and if UPN, then simply # LoginId #

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: