Single Sign-On
Single Sign-On |
|
|
To preempt potential problems in the process of synchronizing and authenticating users in a domain, it is possible to test the domain configuration in the system authentication configuration (CM008), in the "Directory integration
Generally, the connection test failure occurs if there are errors in domain configuration or problems in the network connections between the SE Suite server and the servers that host the directory and authentication services. Therefore, it is indicated to use tools to perform connection diagnostics or have the assistance of the network administrator for any verification of addresses and ports used in the communication. Possible connection test returns: ▪Error message connecting to the domain controller: The SE Suite server was unable to open a connection via LDAP protocol using the URL entered in the "Connection String" field. Ensure that the field is filled correctly, and if a port has not been specified in the URL itself, verify that the server is accepting connections on the default LDAP port 389, or for 636 and/or 3269 ports, defaults to LDAPS, or contact the directory service administrator to check the availability of the service. ▪Alert message stating that the connection via NTMv2 failed: The SE Suite server was unable to open a connection to the domain address and port informed in the configuration. Verify if the respective fields ("Domain address" and "NTLMv2 port") are correct and if the destination server is accepting connections on the port informed. If it is not, check the firewall rules or contact the administrator of your network. Note: If there is no intention to use the NTLMV2 authentication protocol, this alert can be ignored. ▪Error message stating that the user was not found or the password is incorrect: Communication with the directory service occurred without problems, but the user and password entered in the "User" and/or "Password" fields are incorrect. This user refers to a user saved in the directory service, so it must be verified if the name and password are in accordance with the information recorded in the service. Remember that in the "User" field should be typed the name, not the login. ▪Alert message informing that authentication via NTMLV2 failed: In this case, the "User Login" (example: user.test@domain.local) and/or the "Password" entered are incorrect. The user in question is also a recorded user in the directory service, it is just required to check if the information is correct. Note: If there is no intention to use the NTLMV2 authentication protocol, this alert can be ignored. |
Domains" section, when creating or editing a record. This procedure will test the communication from the SE Suite server with the authentication and directory servers informed in the configuration. The tested protocols are LDAP, using the Connection string, provided user and password, and communication with the NTLMV2 domain address and port, for NTLMV2 protocol authentication.