Hexagon Geospatial
MENU

Developer Discussions

Discuss topics with other Hexagon Geospatial Power Portfolio developers and experts to get the most out of our products.
Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Contributor
Posts: 62
Registered: ‎11-12-2015

GMSC Single Sign-On Failure

[ Edited ]

Hi all,

 

I have GMSC installed on server that is not in domain (it is in DMZ). GMSC is running under NETWORK_SERVICE user. I want to use sso authentication for users in domain. User test.gmsc is assigned to group app_gmsc in AD and also the role app_gmsc exists in GMSC Admin.

 

When I try to open GMSC with sso=true, I get "Wrong user or passwor" and following error in log:

 

 

30.06.2017 09:44:07 ERROR - Intergraph.Emea.Security.UserNotFoundException: Error authenticating AD user. -- (User test.gmsc not found.) ---> System.Runtime.InteropServices.COMException: The server is not operational.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()
at Intergraph.Emea.Security.SSOUserRoleProvider.GetUser(String userIdentifier)
--- End of inner exception stack trace ---
at Intergraph.Emea.Security.SSOUserRoleProvider.GetUser(String userIdentifier)
at Intergraph.Emea.SmartClient.Services.AuthorizationService.TryLogOn(TryLogOnRequest request)

 

Is there a way to check what is causing this error? Are there any requirements on LDAP server settings for GMSC? (LDAP server and AD are managed by customer, I do not have access to it)

 

Note: I tried to connect to ldap server with ldapadmin - it is possible with name and password of domain user, but if I use SSL (port 636) there is a warning about certificate - not valid or not correct name.

 

Thanks,

Tereza

Staff
Posts: 27
Registered: ‎12-22-2016

Re: GMSC Single Sign-On Failure

Hi,

 

It's seems to be cross domain access of GMSC. GMSC installed in different domain and users of GMSC are in different domain.

I think it is not out of the box, you may need to log an SR.

 

Thanks,

Jai Ram Gaur

Contributor
Posts: 62
Registered: ‎11-12-2015

Re: GMSC Single Sign-On Failure

Hi,

Thanks for the reply. I thought that authentication is done by client (not server) - therefore there should not be problem to have GMSC server in different domain.

 

Tereza

Do you need immediate support?
Please submit a Ticket through our
Development Ticket Portal.