
Author Topic: Can't connect to Keystore Manager using ExtendedAD  (Read 7566 times)

tortue

Can't connect to Keystore Manager using ExtendedAD
« on: November 05, 2014, 12:05:32 am »
Hello,

I am currently trying to get the "Extended Active Directory" capability of the Sparx keystore server working.

I configured the server as shown here:

Code:
AUTHMETHOD=AM_ACTIVEDIRECTORYEX
AUTHMETHOD_OPTIONS=%SERVICE_PATH%\XXX.adconfig

And here is the content of my XXX.adconfig file:

Code:
GROUP
      Name=SOMEWORKINGGROUP
      NamingContext=XXX
      IsManager=true
      ENTITLEMENT
            Product=Corporate
            Academic=false
            Limit=10
      END ENTITLEMENT
END GROUP

When I try to connect to the KeyStore server using the KeyStore Manager (and using a valid "SOMEWORKINGGROUP" account), the following error message is displayed:

Code:
Lost connection to the keystore at ssks://localhost
ERROR: The requested operation requires an authenticated session

I can't manage keys or do any operation to the keystore Server.
Very strange, because the logs of the Keystore Server indicate the client was successfully authenticated...

Here are the logs of the Keystore server:
Code:
2014-11-04 13:48:22 [INFO]:
2014-11-04 13:48:22 [INFO]: ##############################################################################
2014-11-04 13:48:22 [INFO]: #                         Sparx Systems Keystore Service                     #
2014-11-04 13:48:22 [INFO]: ##############################################################################
2014-11-04 13:48:22 [INFO]: # Protocol Version: 1.0                                                      #
2014-11-04 13:48:22 [INFO]: # Start Time: 2014-11-04 13:48:22                                            #
2014-11-04 13:48:22 [INFO]: # Operating System: Windows 6.01 Service Pack 1                              #
2014-11-04 13:48:22 [INFO]: #                                                                            #
2014-11-04 13:48:22 [INFO]: # Service Path: C:\Program Files (x86)\Sparx Systems\Keystore\Service        #
2014-11-04 13:48:22 [INFO]: # Logging Dir: C:\Program Files (x86)\Sparx Systems\Keystore\Service\Logs    #
2014-11-04 13:48:22 [INFO]: ##############################################################################
2014-11-04 13:48:22 [INFO]: ** Starting up!
2014-11-04 13:48:23 [SYSTEM]: [ACTIVEDIRECTORYGROUPEX_AM] ATTEMPT: Loading group database from C:\Program Files (x86)\Sparx Systems\Keystore\Service\XXXX.adconfig
2014-11-04 13:48:23 [SYSTEM]: [WebstoreAM] SUCCESS: Configured 1 Webstore group(s)
2014-11-04 13:48:23 [SYSTEM]: [ACTIVEDIRECTORYGROUPEX_AM] SUCCESS: Initialised. Default Naming Context: 'LDAP://DC=XXXX,DC=XXXX,DC=XXXX', 1 Group(s) added.
2014-11-04 13:48:23 [SYSTEM]: SUCCESS Started AuthenticationManager
2014-11-04 13:48:23 [SYSTEM]: SUCCESS Started keystore manager
2014-11-04 13:48:23 [SYSTEM]: SUCCESS Management thread started
2014-11-04 13:48:23 [SYSTEM]: SUCCESS Bound and listening on port 7770
2014-11-04 13:48:23 [SYSTEM]: SUCCESS Socket acceptor thread started
2014-11-04 13:48:23 [INFO]: ** Now listening for connections
2014-11-04 13:48:31 [SYSTEM]: Client connected from 127.0.0.1
2014-11-04 13:48:31 [SYSTEM]: SUCCESS: Client from 127.0.0.1 authenticated (User Name: XXXX, Product: Sparx Systems Keystore)
2014-11-04 13:48:31 [SYSTEM]: Client disconnected from 127.0.0.1
2014-11-04 13:48:32 [SYSTEM]: Client connected from 127.0.0.1
2014-11-04 13:48:32 [SYSTEM]: SUCCESS: Client from 127.0.0.1 authenticated (User Name: XXXX, Product: Sparx Systems Keystore)
2014-11-04 13:48:32 [SYSTEM]: Client disconnected from 127.0.0.1
2014-11-04 13:48:32 [SYSTEM]: Client connected from 127.0.0.1
2014-11-04 13:48:32 [SYSTEM]: SUCCESS: Client from 127.0.0.1 authenticated (User Name: XXXX, Product: Sparx Systems Keystore)
2014-11-04 13:48:32 [SYSTEM]: Client disconnected from 127.0.0.1

Might it be some bug in the manager? Or am I doing things wrong?

Thanks!

marxhalvick

  • Guest
Re: Can't connect to Keystore Manager using ExtendedAD
« Reply #1 on: August 04, 2016, 12:41:17 am »
Hi,
I have the same issue here!

Did you solve it?

Thanks!

marxhalvick

  • Guest
Re: Can't connect to Keystore Manager using ExtendedAD
« Reply #2 on: August 13, 2016, 05:08:56 am »
Seems to be a problem with the groups, as the support told me to use Universal groups.

xscope

Re: Can't connect to Keystore Manager using ExtendedAD
« Reply #3 on: December 22, 2016, 07:57:11 am »
I have the same issue. My server is in domain A and users are connecting from trusted domain B. The groups are also in domain B. How do I use NamingContext to recognize users' groups? So far it seems it recognizes only groups in domain A.

Glassboy

Re: Can't connect to Keystore Manager using ExtendedAD
« Reply #4 on: January 16, 2017, 09:47:10 am »
I have the same issue. My server is in domain A and users are connecting from trusted domain B. The groups are also in domain B. How do I use NamingContext to recognize users' groups? So far it seems it recognizes only groups in domain A.

It's likely that you need a Universal Group in Domain A that contains Global Groups from Domain A and Domain B, which in turn contain users.

In general an application residing in a particular domain won't have a security context in other domains, which is why there are universal groups.
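
Added example (not part of the thread and not from Sparx Systems): a PowerShell check for the layout described in the last reply, reporting the scope of the group named in the .adconfig file and of each of its direct members. The domain name is a placeholder, and the script assumes the RSAT ActiveDirectory module and that domains A and B are in the same forest.

```powershell
# Added example. Names below are placeholders (assumptions), not values from the thread.
# Assumes the RSAT ActiveDirectory module and that domains A and B share one forest.
Import-Module ActiveDirectory

$ServerDomain = 'a.example.com'     # domain A: where the Keystore service runs (placeholder)
$GroupName    = 'SOMEWORKINGGROUP'  # the Name= value from the .adconfig GROUP block

# Turn a distinguished name into the DNS name of the domain that holds the object.
function Get-DomainFromDn([string]$Dn) {
    $labels = $Dn -split '(?<!\\),' |
        Where-Object { $_ -match '^\s*DC=' } |
        ForEach-Object { ($_ -replace '^\s*DC=', '').Trim() }
    $labels -join '.'
}

# 1. The group the service evaluates: expected in domain A with Universal scope.
$group = Get-ADGroup -Identity $GroupName -Server $ServerDomain -Properties member
'{0}  scope={1}  category={2}' -f $group.DistinguishedName, $group.GroupScope, $group.GroupCategory
if ($group.GroupScope -ne 'Universal') {
    Write-Warning "$GroupName is $($group.GroupScope); the replies suggest a Universal group."
}

# 2. Its direct members: expected to be Global groups from domain A and domain B.
$report = foreach ($dn in $group.member) {
    $domain = Get-DomainFromDn $dn
    $obj    = Get-ADObject -Identity $dn -Server $domain
    $scope  = if ($obj.ObjectClass -eq 'group') {
        (Get-ADGroup -Identity $dn -Server $domain).GroupScope
    } else { 'n/a' }
    [pscustomobject]@{
        Member = $obj.Name
        Class  = $obj.ObjectClass
        Domain = $domain
        Scope  = $scope
    }
}
$report | Sort-Object Domain, Member | Format-Table -AutoSize

# 3. Flag members that do not fit the Universal -> Global -> users layout.
$report | Where-Object { $_.Class -ne 'group' -or $_.Scope -ne 'Global' } |
    ForEach-Object { Write-Warning "$($_.Member) ($($_.Domain)): class=$($_.Class), scope=$($_.Scope)" }
```

Run it from a domain-joined machine with an account that can read both domains; an empty member list or warnings in step 3 point at the group design rather than at Keystore Manager.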