
AD Directory setup "Your username or password was not valid, please try again..."

06-03-2013 04:03 PM
TobyTe_Rupe
Deactivated User
<!-- Geoportal identity configuration as posted: a single LDAP adapter pointed at Active Directory.
     The <<...>> tokens are the poster's redactions. A literal '<' is not allowed inside an XML
     attribute value, so each one must be replaced with a real value before this file will parse.
     NOTE(review): encKey looks like a stock value; if it keys the encryption of stored
     credentials, confirm it has been changed for this deployment. -->
<identity encKey="PtkESRI" realm="Geoportal"> 
        <ldapAdapter>
            <!-- Directory connection. providerURL uses the plain ldap:// scheme on port 389 and
                 securityProtocol is empty, while securityAuthentication="simple" is a bind with
                 DN and password. As configured, the service account password (and presumably any
                 user password verified by bind) crosses the network unencrypted.
                 NOTE(review): prefer an ldaps:// URL or securityProtocol="ssl" once the JVM trusts
                 the domain controller's certificate; confirm the accepted values against the
                 product documentation. -->
            <ldapConnectionProperties
                providerURL="ldap://orandc2.<<COMPANY>>.nsw.gov.au:389"
                initialContextFactoryName="com.sun.jndi.ldap.LdapCtxFactory"
                securityAuthentication="simple"
                securityProtocol="">
                <!-- Service account used for the bind. encrypted="false" means securityCredentials
                     holds the password in clear text, so the file needs restrictive filesystem
                     permissions and the value must be redacted whenever the file is shared.
                     catalogAdminDN presumably names the account treated as catalog administrator;
                     verify. The "<<AD USER>" placeholder is missing its second '>'. -->
                <ldapServiceAccount
                    securityPrincipal="cn=<<AD USER>,ou=<<users>>,ou=networks,dc=<<COMPANY>>,dc=nsw,dc=gov,dc=au"
                    securityCredentials="<<AD PASSOWRD>>"
        catalogAdminDN="CN=<<ADMIN USER AD ACCOUNT>>,OU=<<users>>,OU=<<SOMEWHERE>>,OU=CENTRAL,OU=<<COMPANY>>,DC=<<COMPANY>>,DC=NSW,DC=GOV,DC=AU"
                    encrypted="false"/>
            </ldapConnectionProperties>
       
            <!-- Single sign-on. With active="True" and credentialLocation="userPrincipal" the
                 application presumably takes the identity from the servlet container's
                 authenticated principal instead of the login form, so the container must already
                 be authenticating requests. The poster reports further down that setting active
                 to false made the login error go away.
                 NOTE(review): "True" is capitalised here while the other booleans in this file
                 are lowercase; logoutOutcome is a plain http:// URL. -->
            <singleSignOn
                active="True"
                credentialLocation="userPrincipal"
                anonymousValue=""
                logoutOutcome="http://some_where_over_the_rainbow.industry.nsw.gov.au"/>
           
            <!-- Self-service features. Registration, profile management, password change and
                 password recovery are all enabled.
                 NOTE(review): against a corporate Active Directory these presumably require the
                 service account to hold write access to user objects; switch off the ones that
                 are not needed so a read-only account is sufficient. -->
            <selfCareSupport
                supportsLogin="true"
                supportsLogout="true"
                supportsUserRegistration="true"
                supportsUserProfileManagement="true"
                supportsPasswordChange="true"
                supportsPasswordRecovery="true"/>

            <!-- Role-to-group mapping. Each role is tied to a directory group by groupDN;
                 gptAdministrator inherits from gptPublisher, which inherits from gptRegisteredUser.
                 authenticatedUserRequiresRole="true" presumably rejects a user who authenticates
                 but belongs to none of these groups; verify, since that could also surface as a
                 failed login. -->
            <roles authenticatedUserRequiresRole="true">
                <role
                    key="gptRegisteredUser"
                    resKey="catalog.role.gptRegisteredUser"
        manage="true"
        forbidden="false"
                    groupDN="CN=GeoPortalUser,OU=GROUPS,OU=<<SOMEWHERE>>,OU=CENTRAL,OU=<<COMPANY>>,DC=<<COMPANY>>,DC=NSW,DC=GOV,DC=AU"/>
                <role
                    key="gptPublisher"
                    inherits="gptRegisteredUser"
                    resKey="catalog.role.gptPublisher"
        manage="true"
        forbidden="false"
                    groupDN="CN=GeoPortalPublisher,OU=GROUPS,OU=<<SOMEWHERE>>,OU=CENTRAL,OU=<<COMPANY>>,DC=<<COMPANY>>,DC=NSW,DC=GOV,DC=AU"/>
              <role
                    key="gptAdministrator"
                    inherits="gptPublisher"
                    resKey="catalog.role.gptAdministrator"
        manage="true"
        forbidden="false"
                    groupDN="CN=GeoPortalAdministration,OU=GROUPS,OU=<<SOMEWHERE>>,OU=CENTRAL,OU=<<COMPANY>>,DC=<<COMPANY>>,DC=NSW,DC=GOV,DC=AU"/>
            </roles>
       
            <!-- User lookup. usernameSearchPattern matches person entries by sAMAccountName
                 beneath searchDIT.
                 NOTE(review): searchDIT is the GROUPS OU, while the account DNs in
                 ldapServiceAccount sit under "users" OUs. If user objects are not below OU=GROUPS
                 the search returns nothing and the login is rejected; confirm the base DN.
                 newUserDNPattern places new entries beneath the GeoPortalUser group entry, and
                 passwordEncryptionAlgorithm="SHA" together with the userPassword mapping
                 presumably only matters when the application writes passwords. Active Directory
                 user entries normally carry objectClass user rather than inetOrgPerson; confirm
                 whether the write-side settings are used at all. -->
            <users
                displayNameAttribute="sAMAccountName"
                passwordEncryptionAlgorithm="SHA"
                newUserDNPattern="cn={0},CN=GeoPortalUser,OU=GROUPS,OU=<<SOMEWHERE>>,OU=CENTRAL,OU=<<COMPANY>>,DC=<<COMPANY>>,DC=NSW,DC=GOV,DC=AU"
                usernameSearchPattern="(&amp;(objectclass=person)(sAMAccountName={0}))"
                searchDIT="OU=GROUPS,OU=<<SOMEWHERE>>,OU=CENTRAL,OU=<<COMPANY>>,DC=<<COMPANY>>,DC=NSW,DC=GOV,DC=AU">
                <requiredObjectClasses>
                    <objectClass name="top"/>
                    <objectClass name="person"/>
                    <objectClass name="organizationalPerson"/>
                    <objectClass name="inetOrgPerson"/>
                </requiredObjectClasses>
                <userAttributeMap>
                    <attribute key="username"     ldapName="sAMAccountName"/>
                    <attribute key="password"     ldapName="userPassword"/>
                    <attribute key="email"        ldapName="mail"/>
                    <attribute key="firstName"    ldapName="givenName"/>
                    <attribute key="lastName"     ldapName="sn"/>
                    <attribute key="displayName"  ldapName="displayName"/>
                    <attribute key="organization" ldapName="o"/>
                    <attribute key="affiliation"  ldapName="businessCategory"/>
                    <attribute key="street"       ldapName="street"/>
                    <attribute key="city"         ldapName="l"/>
                    <attribute key="stateOrProv"  ldapName="st"/>
                    <attribute key="postalCode"   ldapName="postalCode"/>
                    <attribute key="country"      ldapName=""/>
                    <attribute key="phone"        ldapName="telephoneNumber"/>
                </userAttributeMap>
            </users>
     
            <!-- Group lookup. The OID 1.2.840.113556.1.4.1941 in memberSearchPattern is Active
                 Directory's LDAP_MATCHING_RULE_IN_CHAIN, so membership is resolved through nested
                 groups; the filter is specific to Active Directory. -->
            <groups
                displayNameAttribute="cn"
                dynamicMemberOfGroupsAttribute=""
                dynamicMembersAttribute=""
                memberAttribute="member"
                memberSearchPattern="(&amp;(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))"
                searchDIT="OU=GROUPS,OU=<<SOMEWHERE>>,OU=CENTRAL,OU=<<COMPANY>>,DC=<<COMPANY>>,DC=NSW,DC=GOV,DC=AU">
              
                <!-- NOTE(review): both groupDN values below are still the literal text
                     "group_distinguished_name" rather than real distinguished names. -->
                <metadataManagementGroup
                    name="Region 1"
                    groupDN="group_distinguished_name"/>
                <metadataManagementGroup
                    name="Region 2"
                    groupDN="group_distinguished_name"/>
  
            </groups>
        </ldapAdapter>
 
     </identity>
TobyTe_Rupe
Deactivated User
It is fantastic to see that ESRI are monitoring their own forums!
I found the problem: once I changed singleSignOn to false, it worked.  Now I am trying to get SSO to work.  What a freaking nightmare!  Open Source Software, Awesome... not!
MartenHogeweg
Esri Contributor
For Geoportal Server related questions or discussions, please use our discussion forum on github (where we host geoportal server source code): https://github.com/Esri/geoportal-server/issues

If you want a user to log in to their desktop/laptop and then be automatically logged into Geoportal when accessing it, you will need to configure “Windows integrated authentication”.

How to configure this in tomcat 7 is described here:
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html

You may also be interested in the Single Sign On topic on the Geoportal wiki at:
https://github.com/Esri/geoportal-server/wiki/Single-Sign-On