12/13/2022 02:47 AM
2) Step 1 of the reset process requires the credentials to be entered
3) When entering the correct credentials, they are always perceived as not valid
Again, this only happens with LDAP Authentication enabled. How can we solve this issue?
12/13/2022 03:40 AM
Hello @AvuartePacheco,
If I understand this correctly, it works when local auth (Saviynt auth) is enabled and does not work when LDAP authentication is enabled?
12/13/2022 06:14 AM
Exactly. If we are only using local users, it works fine. However, if we enable LDAP authentication by changing the AuthenticationConfig.groovy file, the security questions reset stops working with the behaviour described in the first post.
12/13/2022 04:07 AM
Is the LDAP connector setup done in the configuration?
12/13/2022 06:25 AM
Not sure if I understood the question. We are using the Active Directory connector to import and provision accounts. We are also connecting to the same Active Directory for the LDAP Authentication configurations in the AuthenticationConfig.groovy file. Below you can find the configuration (with sensitive information redacted):
/* LDAP */
grails.plugin.springsecurity.ldap.active=true
grails.plugin.springsecurity.ldap.context.managerDn = '***'
grails.plugin.springsecurity.ldap.context.managerPassword = '***'
grails.plugin.springsecurity.ldap.context.server = 'ldaps://***.***.***.***:636' // if port 636 then ldaps
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
grails.plugin.springsecurity.ldap.search.base = '***'
grails.plugin.springsecurity.ldap.search.filter= "sAMAccountname={0}" // for Active Directory you need this
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
//grails.plugin.springsecurity.ldap.search.attributesToReturn = ['mail','displayName']
//grails.plugin.springsecurity.providerNames = ['ldapAuthProvider' , 'daoAuthenticationProvider' , 'anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider'] // specify this when you want to skip attempting to load from db and only use LDAP
grails.plugin.springsecurity.ldap.mapper.userDetailsClass = 'com.saviynt.ecm.identitywarehouse.domain.Users'
//grails.plugin.springsecurity.userLookup.usernamePropertyName = 'systemUserName'
grails.plugin.springsecurity.ldap.useRememberMe = false
//grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'OU=US'
//grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
12/13/2022 11:44 PM
Hello @AvuartePacheco,
I am not sure about v5.5 SP 5.X, but from v2020 onwards we have an option to set step-up authentication to reset the question from the global configuration, so you could explore other methods.
12/14/2022 03:28 AM
Please share additional logs