
Problem Authentication (Active Directory and Policy Server)

May 28, 2007 4:24 AM

I have configured LDAP on my policy server, and while creating policies I can find the list of users in my Active Directory.

But the problem is that I am not able to log in to the policy server with my Active Directory users.
How do I log in? I have tried several different methods,
e.g.
Muhammad Amin/password
muhammad.amin@mydomain.com/password
but failed.

I have also enabled and tried both JAAS and Kerberos authentication,
but failed to connect with internal users.

I can log in with external users which I created.

Can any guru help me sort out this problem?
 
Replies
  • May 29, 2007 6:04 PM   in reply to (Muhammad_Amin)
    Hi Muhammad,

    There are a couple of possible problems. Did you update your login-config.xml as described in the documentation? If so, you might want to double-check that it is correct.

    If so, you should make sure the UID Attribute you have set up to use in Policy Server is the same as the one you are trying to log in with.

    Can you post the exception you are getting in the server log?

    Hope this helps,

    -Bill
     
  • May 31, 2007 12:55 PM   in reply to (Muhammad_Amin)
    Are your passwords hashed?
     
  • Apr 11, 2008 2:17 AM   in reply to (Muhammad_Amin)
    Can anyone tell me what the security settings are for WebSphere 6.0 when using LDAPLoginModule? What should I select for Active Protocol and Active authentication mechanism (SWAM or LTPA), and what should I select for Active user registry (Custom, LDAP or OS)?
     
  • Apr 11, 2008 9:43 AM   in reply to (Muhammad_Amin)
    Hi Prashant,

    For WebSphere 6.0 it's better to choose LTPA (Lightweight Third-Party Authentication); SWAM is deprecated in the next WebSphere release. If the user, after having received the LTPA token, accesses a server that is a member of the same authentication configuration as the first server, and if the browsing session has not been terminated (the browser was not closed down), then the user is automatically authenticated and will not be challenged for a name and password. Such an environment is also called a Single-Sign-On (SSO) environment.
    For Active user registry you would need to select LDAP.

    Hope this helps,

    -Bill
     