History | Log In     View a printable version of the current page.  
Issue Details (XML | Word | Printable)

Key: QB-3764
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Robin Shen
Reporter: Thrasys Admin
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
QuickBuild

New SSO accounts can't authenticate with a security provider like ldap

Created: 23/Jul/21 08:30 PM   Updated: 28/Feb/22 12:44 PM
Component/s: None
Affects Version/s: 11.0.7
Fix Version/s: 12.0.0

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown


 Description  « Hide
If the first time a user logs in is with SSO.
And then SSO is down, the users can't login with a fall back security provider like LDAP.
That is the user doesn't click SSO but enters there username/password.
They can't authenticate to ldaps.

It would be nice to offer an option or try to use a security provider kind of like when a user isn't found,
QB tries all security provider.

Maybe something like:
if user created by SSO and logging in with user/password, try all security providers.

 All   Comments   Work Log   Change History      Sort Order:
Thrasys Admin [23/Jul/21 08:36 PM]
Or allow setting an auth/security provider to use in SSO configuration for fall back.

Thrasys Admin [02/Aug/21 04:54 PM]
As a workaround until this issue is resolved. I created a script to run daily to set setAuthenticator on all users.

groovy:
com.pmease.quickbuild.persistence.SessionManager.openSession();

try {
def userMgr = com.pmease.quickbuild.entitymanager.UserManager.instance;

for (usr in userMgr.getAll()) {

if (usr.getName().endsWith("@<our domain>") ) { // don't want to set local accounts just those created by SSO
if (usr.getAuthenticator() == null) {
logger.info("Updating Authenticator for User:" + usr.getName());
usr.setAuthenticator("AzureAD-DS");
userMgr.save(usr);
} else {
logger.info("Authenticator already set User:" + usr.getName());
}
} else {
logger.info("Skipping User:" + usr.getName());
}

}
} finally {
com.pmease.quickbuild.persistence.SessionManager.closeSession();
}