06-30-2017 01:35 AM - edited 06-30-2017 02:01 AM
I have GMSC installed on server that is not in domain (it is in DMZ). GMSC is running under NETWORK_SERVICE user. I want to use sso authentication for users in domain. User test.gmsc is assigned to group app_gmsc in AD and also the role app_gmsc exists in GMSC Admin.
When I try to open GMSC with sso=true, I get "Wrong user or passwor" and following error in log:
30.06.2017 09:44:07 ERROR - Intergraph.Emea.Security.UserNotFoundException: Error authenticating AD user. -- (User test.gmsc not found.) ---> System.Runtime.InteropServices.COMException: The server is not operational. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_NativeObject() at Intergraph.Emea.Security.SSOUserRoleProvider.GetUser(String userIdentifier) --- End of inner exception stack trace --- at Intergraph.Emea.Security.SSOUserRoleProvider.GetUser(String userIdentifier) at Intergraph.Emea.SmartClient.Services.AuthorizationService.TryLogOn(TryLogOnRequest request)
Is there a way to check what is causing this error? Are there any requirements on LDAP server settings for GMSC? (LDAP server and AD are managed by customer, I do not have access to it)
Note: I tried to connect to ldap server with ldapadmin - it is possible with name and password of domain user, but if I use SSL (port 636) there is a warning about certificate - not valid or not correct name.
07-10-2017 03:57 AM
It's seems to be cross domain access of GMSC. GMSC installed in different domain and users of GMSC are in different domain.
I think it is not out of the box, you may need to log an SR.
Jai Ram Gaur
07-11-2017 12:22 AM
Thanks for the reply. I thought that authentication is done by client (not server) - therefore there should not be problem to have GMSC server in different domain.