12 Replies Latest reply: Feb 12, 2018 7:53 AM by shahgadji

PSC - ldap attributes mapping

mrzepecki

Hi,

 

What LDAP attribute should I map to the PSC attribute "New Password"? This is mandatory but I don't know what it is for.

 

Thanks,

Mike

  • 1. Re: PSC - ldap attributes mapping
    paulj-puleng

    Hi Michal

     

    This sets the default internal password for the user (we normally just map this to sAMAccountName). However, you could make this any mapping or default value via an expression, as one would generally use External Authentication or SSO for user sign in, so this password would not be relevant unless using backdoor login.

     

    Regards,

    Paul

  • 2. Re: PSC - ldap attributes mapping
    mrzepecki

    Hi Paul,

     

    Thanks for the explanation. What should I do if I don't want anybody to have backdoor login? Map it to some empty AD attribute? I can't just leave this field empty because this is one of the required fields.


    BTW how does it work? Can this "new password" be used only when PSC has no communication with AD, or can the user use this password anytime?


    Regards,

    Mike

  • 3. Re: PSC - ldap attributes mapping
    paulj-puleng

    Hi Mike

     

    The backdoor login is something that is generally kept private and only admins or support teams should know about. In addition, you can change what the backdoor URL is and also limit it to the admin account only, thereby preventing any of the users from logging in.

     

    This 'New Password' would only ever be used if for some reason you disabled your login events and external authentication/SSO - not something one would typically do if they had AD integration enabled. If integration with the AD does go down (for networking or other reasons) then users would not be able to log into the system at all; it would not fall back to the local password - in this scenario only the admin who knows about this backdoor URL would be able to log in.

     

    In short, we've been using the sAMAccountName mapping for this attribute for several years on our implementations and not had any issues, it is just a case of ensuring only the correct users can access the backdoor URL.

     

    Regards,

    Paul

  • 4. Re: PSC - ldap attributes mapping
    mrzepecki

    I've done the following mapping:

    PSC   -   AD

    ---------------------------------

    First Name - givenName

    Last Name - sn

    Login ID - userPrincipalName

    Person Identification - description

    Email Address - mail

    Home Organizational Unit - postOfficeBox

    New Password - sAMAccountName


    I've configured this mapping for event - "login", step - "external authentication".


    In AD, the postOfficeBox attribute for my user is set to "Site Administration", which is one of the Organizational Units in PSC.


    I can't log in to PSC using my AD account michal.rzepecki@mche.edu.pl ( or MCHE\michal.rzepecki).


    What else should I do?


    I've used the same bind user twice (michal.rzepecki@mche.edu.pl) - at datasource configuration (test is passed) and in options for event - "login", step - "external authentication". Why did I have to repeat the bind user in this option?


    Regards,

    Michal



  • 5. Re: PSC - ldap attributes mapping
    paulj-puleng

    Hi Mike

     

    The login event will require at least two steps:

     

    Step 1:

    Either SSO or External Authentication

     

    Step 2:

    Person Import - This is required to create the person object in PSC and the login event will not complete without this.

     

    Step 3 (OPTIONAL):

    Import Manager - This can be used to import the manager based on the person's supervisor field mapping.

     

    The BindDN for the External Authentication is slightly different, this is used to authenticate the user that is logging in, this is typically set to #AnyDomain#\#LoginId# where #LoginId# is substituted with the username entered on the login screen.

     

    However, I see you are using UPN for your Login ID, therefore you would only need to configure #LoginId# for your External Authentication event.

     

    If you are still experiencing issues after that please post some screenshots of your config for reference.

     

    Regards,

    Paul

  • 6. Re: PSC - ldap attributes mapping
    mrzepecki

    I wrote the wrong account name in my last post. I'm using PSCbinduser@mche.edu.pl at datasource configuration and in options for event - "login", step - "external authentication". Person Import was also configured.


    I don't understand this "#LoginId# is substituted with the username entered on the login screen". I thought that I could configure a single "login" event for any user. I wanted to achieve this using a universal bind user.


    I still can't login using AD account.

    psc1.jpg

    psc2.jpg

    psc3.jpg

  • 7. Re: PSC - ldap attributes mapping
    paulj-puleng

    Hi Mike

     

    #LoginId# is a variable that is replaced with the login details of whichever user is logging in at the time; therefore in your EUA Bind DN you would simply configure the value #LoginId#, and this is then what's used to authenticate the user at login time.

     

    I can't see any obvious issues with the mappings at this point, but what you could do is enable directory integration debugging in administration (Administration > Debugging tab on the right) - this will then allow you to test your mappings and ensure they are returning data. Also ensure that the global setting under administration is enabled for directory integration as this is disabled by default.

     

    Lastly, if you are still facing issues I would refer to the server.log files (should be able to find this under Administration > Utilities). Could you also confirm what version of PSC you are using?

     

    Regards,

    Paul

  • 8. Re: PSC - ldap attributes mapping
    mrzepecki

    Hi Paul,

    PSC is virtual appliance version 12.0.1

     

    I've enabled directory integration in global settings but I still have a problem.

    Configuration is as follows

    psc11.jpg

    psc21.jpg

    When I execute "test connection" I'm getting this log on AD server

    psc31.jpg

    but when I try to log in to PSC request center using an AD user I'm getting these two logs

    psc41.jpg

    psc51.jpg

     

    Then I changed the EUABindDN option from "MCHE\#LoginId#" to "MCHE\psc.bind" and when trying to log in to PSC request center using an AD user I'm getting this one log

    psc61.jpg

     

    Of course authentication doesn't work in any case. I'm afraid bind user authentication was not successful in any case, even if "test connection" indicates that it is ok.

     

    Do you have any idea what is wrong?

    PSC server.log doesn't show more information than we can read from the AD log.

    BTW do you know where to set the NTP server in PSC?

     

    Regards,

    Mike

  • 9. Re: PSC - ldap attributes mapping
    paulj-puleng

    Hi Mike

     

    So regarding the EUA Bind DN, since you are mapping to UPN you would only configure this as #LoginId# with no domain prefix, if you were using sAMAccountName then you would include the domain prefix - what username are you entering in PSC when logging in?

     

    Secondly, I would enable the directory debugging and then perform a search for the user under Directory Mappings to make sure all data is coming through successfully, if any of the top attributes were missing or not mapped correctly then the person import operation would fail.

     

    Lastly, the server.log would give you a lot more detail, you can find this under the Administration > Utilities section.

     

    NTP would probably need to be done on the OS level as root, I don't think PSC specifically has this option.

     

    Regards,

    Paul

  • 10. Re: PSC - ldap attributes mapping
    mrzepecki

    Ok I cleaned up my configuration -

    BindDN is              MCHE\psc.bind

    EUABindDN is      MCHE\#LoginId#

    Binduser is probably working because I can perform a search for "michal" and I'm getting proper data

    psc81.jpg

     

    With this configuration (MCHE\#LoginId#) I should log in to PSC with username "michal.rzepecki". Am I right?

    When I try to do this the following logs are collected:

     

     

     

    2017-06-28 06:20:51,869 INFO  [com.newscale.bfw.signon.filters.AuthenticationFilter] (default task-47) COR-ID=-3866691454554821206::Request initiated by: 10.249.248.9 on URI: /RequestCenter/login.signon

    2017-06-28 06:20:51,885 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

    2017-06-28 06:20:51,888 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

    2017-06-28 06:20:51,920 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

    2017-06-28 06:20:51,921 WARN  [com.newscale.bfw.ldap.util.CertConfigFileUtil] (default task-47) COR-ID=-3866691454554821206::Certificate file not found.  Using default

    2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Logger is enabled for cryptographic connection

    2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log : LDAP Server Current IP address : 10.180.102.81LDAP Server Port 389LDAP Server Secure port 0

    2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Client IP address 10.180.102.83

    2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:LDAP Bind DN  MCHE\michal.rzepecki

    2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log for LDAP  ************

    2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Authentication DN:   MCHE\michal.rzepecki

    2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Host and Port:    10.180.102.81  389

    2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Logger is enabled for cryptographic connection

    2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log : LDAP Server Current IP address : 10.180.102.81LDAP Server Port 389LDAP Server Secure port 0

    2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Client IP address 10.180.102.83

    2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:LDAP Bind DN  MCHE\psc.bind

    2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log for LDAP  ************

    2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Authentication DN:   MCHE\psc.bind

    2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:Host and Port:    10.180.102.81  389

    2017-06-28 06:20:51,958 ERROR [com.newscale.bfw.eui.ldap.ExtUserDatasource_Ldap] (default task-47) COR-ID=-3866691454554821206::No person(customer) returned from getPerson ldap search

    2017-06-28 06:20:51,958 ERROR [com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap] (default task-47) COR-ID=-3866691454554821206::Exception in EUI Import Person Operation: com.newscale.bfw.eui.EUIException: No person(customer) returned from getPerson ldap search

    at com.newscale.bfw.eui.ldap.ExtUserDatasource_Ldap.getExternalPerson(ExtUserDatasource_Ldap.java:199) [classes:]

    at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPerson(EUIImportPersonOperation_Ldap.java:211) [classes:]

    at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPersonCommon(EUIImportPersonOperation_Ldap.java:156) [classes:]

    at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPerson(EUIImportPersonOperation_Ldap.java:89) [classes:]

    at com.newscale.bfw.eui.EUIOperationManager.performImportPerson(EUIOperationManager.java:578) [classes:]

    at com.newscale.bfw.eui.EUIEventManager.performPostSSO(EUIEventManager.java:184) [classes:]

    at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:840) [classes:]

    at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:674) [classes:]

    at com.newscale.bfw.signon.filters.AuthenticationFilter.doFilter(AuthenticationFilter.java:499) [classes:]

    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at com.newscale.bfw.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:142) [newscale_common.jar:13.2.0.1159]

    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at com.newscale.bfw.uiframework.filters.ContentResponseFilter.doFilter(ContentResponseFilter.java:34) [newscale_uiframework.jar:13.2.0.1159]

    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_102]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_102]

    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]

     

     

    2017-06-28 06:20:51,961 ERROR [com.newscale.bfw.signon.AuthenticationManager] (default task-47) COR-ID=-3866691454554821206::EUI Flow exception: : com.newscale.bfw.eui.EUIException: No person(customer) returned from getPerson ldap search

    at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPersonCommon(EUIImportPersonOperation_Ldap.java:165) [classes:]

    at com.newscale.bfw.eui.ldap.EUIImportPersonOperation_Ldap.importPerson(EUIImportPersonOperation_Ldap.java:89) [classes:]

    at com.newscale.bfw.eui.EUIOperationManager.performImportPerson(EUIOperationManager.java:578) [classes:]

    at com.newscale.bfw.eui.EUIEventManager.performPostSSO(EUIEventManager.java:184) [classes:]

    at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:840) [classes:]

    at com.newscale.bfw.signon.AuthenticationManager.execute(AuthenticationManager.java:674) [classes:]

    at com.newscale.bfw.signon.filters.AuthenticationFilter.doFilter(AuthenticationFilter.java:499) [classes:]

    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at com.newscale.bfw.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:142) [newscale_common.jar:13.2.0.1159]

    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at com.newscale.bfw.uiframework.filters.ContentResponseFilter.doFilter(ContentResponseFilter.java:34) [newscale_uiframework.jar:13.2.0.1159]

    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_102]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_102]

    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]

     

     

    2017-06-28 06:20:52,088 INFO  [com.newscale.bfw.signon.filters.AuthenticationFilter] (default task-43) COR-ID=6512855781699906886::Request initiated by: 10.249.248.9 on URI: /RequestCenter/default-login.jsp
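
A log like the one above can be read per request by grouping lines on COR-ID and noting which bind identities were tried and which component logged the first ERROR. The Python below is an added example, not part of the original post or of PSC; the function names are hypothetical, the sample is an abridged copy of the excerpt above, and reading "Secure port 0" as "no LDAPS port configured" is an assumption.

```python
import re

# Abridged copy of the server.log excerpt posted above (stack frames shortened).
SAMPLE_LOG = r"""
2017-06-28 06:20:51,869 INFO  [com.newscale.bfw.signon.filters.AuthenticationFilter] (default task-47) COR-ID=-3866691454554821206::Request initiated by: 10.249.248.9 on URI: /RequestCenter/login.signon
2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log : LDAP Server Current IP address : 10.180.102.81LDAP Server Port 389LDAP Server Secure port 0
2017-06-28 06:20:51,941 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:LDAP Bind DN  MCHE\michal.rzepecki
2017-06-28 06:20:51,956 WARN  [com.newscale.bfw.ldap.jldap.JLDAPSimpleAuth] (default task-47) COR-ID=-3866691454554821206::Cryptographic log:LDAP Bind DN  MCHE\psc.bind
2017-06-28 06:20:51,958 ERROR [com.newscale.bfw.eui.ldap.ExtUserDatasource_Ldap] (default task-47) COR-ID=-3866691454554821206::No person(customer) returned from getPerson ldap search
    at com.newscale.bfw.eui.ldap.ExtUserDatasource_Ldap.getExternalPerson(ExtUserDatasource_Ldap.java:199) [classes:]
2017-06-28 06:20:51,961 ERROR [com.newscale.bfw.signon.AuthenticationManager] (default task-47) COR-ID=-3866691454554821206::EUI Flow exception: : com.newscale.bfw.eui.EUIException: No person(customer) returned from getPerson ldap search
2017-06-28 06:20:52,088 INFO  [com.newscale.bfw.signon.filters.AuthenticationFilter] (default task-43) COR-ID=6512855781699906886::Request initiated by: 10.249.248.9 on URI: /RequestCenter/default-login.jsp
"""

# date, time, level, [logger], (thread), COR-ID=<id>::<message>
LINE = re.compile(
    r"^\S+ \S+\s+(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\]\s+\([^)]*\)\s+"
    r"COR-ID=(?P<cor>-?\d+)::(?P<msg>.*)$")

# Loggers that the excerpt shows reporting the person lookup/import step.
IMPORT_LOGGERS = ("ExtUserDatasource_Ldap", "EUIImportPersonOperation_Ldap")


def triage(log_text):
    """Group log lines by COR-ID and keep what matters for a failed login."""
    requests = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack frames and blank lines carry no COR-ID
        req = requests.setdefault(m["cor"], {
            "uri": None, "bind_dns": [], "ldap_ports": set(),
            "secure_ports": set(), "errors": []})
        msg = m["msg"]
        logger = m["logger"].rsplit(".", 1)[-1]  # short class name
        uri = re.search(r"on URI: (\S+)", msg)
        if uri:
            req["uri"] = uri.group(1)
        bind = re.search(r"LDAP Bind DN\s+(\S+)", msg)
        if bind and bind.group(1) not in req["bind_dns"]:
            req["bind_dns"].append(bind.group(1))
        port = re.search(r"LDAP Server Port (\d+)", msg)
        if port:
            req["ldap_ports"].add(int(port.group(1)))
        secure = re.search(r"Secure port (\d+)", msg)
        if secure:
            req["secure_ports"].add(int(secure.group(1)))
        if m["level"] == "ERROR":
            req["errors"].append((logger, msg))
    return requests


def failing_step(req):
    """Name the step behind the first ERROR line, or None if none was logged."""
    if not req["errors"]:
        return None
    logger, _ = req["errors"][0]
    return "person-import" if logger in IMPORT_LOGGERS else logger


def binds_without_ldaps(req):
    """True when binds were logged and the only secure port reported is 0.

    Assumption: 0 means no LDAPS port is configured. A simple bind on 389
    without TLS sends the password unencrypted, so this is worth flagging.
    """
    return bool(req["bind_dns"]) and req["secure_ports"] == {0}


if __name__ == "__main__":
    for cor_id, req in triage(SAMPLE_LOG).items():
        print(cor_id, req["uri"], req["bind_dns"],
              failing_step(req), binds_without_ldaps(req))
```
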

  • 11. Re: PSC - ldap attributes mapping
    paulj-puleng

    Hi Mike

     

    To this question:

    With this configuration (MCHE\#LoginId#) I should log in to PSC with username "michal.rzepecki". Am I right?

    When I try to do this the following logs are collected:

     

    Only if you are using sAMAccountName as the LoginId mapping, I see you are currently using UPN, if you use UPN then you could try only use #LoginId#, if you leave the EUABindDN as is then try change your directory mapping to use sAMAccountName as the Login ID, also I'm not sure if this has an effect, but we generally make the Person Identification the same as the Login ID, so try update that to either the UPN or sAMAccountName depending on the approach you use.

     

    However, based on the logs it almost looks like the authentication step is working but the import is failing, so you can try updating the Person Identification as I mentioned above; if that fails then try going the sAMAccountName route instead of UPN and see if that works.

     

    Regards,

    Paul

  • 12. Re: PSC - ldap attributes mapping
    shahgadji

    It was only necessary to understand until the end that there is a LoginID mapping in the Mapping section and in the Event-Login section. If you specify sAMAccountName in Mapping, then in Event-Login-External Authentication MCHE\#LoginId#, and if UPN, then simply #LoginId#
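
The rule the thread converges on (Login ID mapped to sAMAccountName goes with a domain-prefixed EUABindDN, UPN goes with a bare #LoginId#) can be checked mechanically. The Python below is an added example, not PSC code or anything posted in the thread; the function names and the one-entry directory are constructed, and it assumes the person import searches the directory for the attribute mapped to Login ID equal to the name typed at login.

```python
TOKEN = "#LoginId#"

# Constructed directory entry using the account names mentioned in the thread.
ENTRY = {
    "sAMAccountName": "michal.rzepecki",
    "userPrincipalName": "michal.rzepecki@mche.edu.pl",
}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def check_login_config(login_id_attr, eua_bind_dn):
    """Return findings where the Login ID mapping and EUABindDN disagree."""
    findings = []
    if TOKEN not in eua_bind_dn:
        findings.append("EUABindDN has no #LoginId#, so the bind identity "
                        "does not depend on who is logging in")
        return findings
    # Text before the token, e.g. "MCHE\" or "#AnyDomain#\".
    has_domain_prefix = eua_bind_dn.split(TOKEN)[0].endswith("\\")
    attr = login_id_attr.lower()
    if attr == "userprincipalname" and has_domain_prefix:
        findings.append("Login ID is mapped to UPN but EUABindDN adds a "
                        "domain prefix; use #LoginId# alone")
    if attr == "samaccountname" and not has_domain_prefix:
        findings.append("Login ID is mapped to sAMAccountName but EUABindDN "
                        "has no domain prefix")
    return findings


def simulate_login(login_id_attr, eua_bind_dn, typed_name, entry=ENTRY):
    """Show the bind identity, the lookup filter and whether a person matches.

    The filter shape is an assumption about how the import looks the user up.
    """
    bind_identity = eua_bind_dn.replace(TOKEN, typed_name)
    search_filter = "(%s=%s)" % (login_id_attr, escape_filter_value(typed_name))
    person_found = entry.get(login_id_attr, "").lower() == typed_name.lower()
    return bind_identity, search_filter, person_found


if __name__ == "__main__":
    # Configuration from the thread: UPN mapping with a domain-prefixed bind.
    print(check_login_config("userPrincipalName", "MCHE\\#LoginId#"))
    print(simulate_login("userPrincipalName", "MCHE\\#LoginId#",
                         "michal.rzepecki"))
    # The two consistent combinations.
    print(simulate_login("sAMAccountName", "MCHE\\#LoginId#",
                         "michal.rzepecki"))
    print(simulate_login("userPrincipalName", TOKEN,
                         "michal.rzepecki@mche.edu.pl"))
```

Under that assumption, the configuration from the thread binds as MCHE\michal.rzepecki but looks up userPrincipalName=michal.rzepecki, which matches no entry; that is consistent with the "No person(customer) returned" error in the posted log.
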