Problem
In the Ubisecure SSO management console, the Agent’s ‘Allowed To’ tab is empty - there are no groups, no ‘Add…’ and ‘Remove’ buttons cannot be seen.
Solution
Using an LDAP Browser, go through all the agents and check each ubiloginAllowAccess attribute. If the agent contains and attribute that has CN=Deleted Object, go ahead and empty that attribute’s value. See if you can see the groups and the button in Ubisecure SSO management consoles again.
...
CN=Deleted Object means that this group has been deleted from CustomerID (e.g. database reset).
If the Authorization Policy attributes tab is blank:
Since ubiloginGroupDN -attribute value cannot be left empty (like ubiloginAllowAccess -attribute in ‘Allowed To’ -case) you must do the following:
IF this is what you have:
CN=eIDMUser\0ADEL:6b7f5c1c-01c2-4d5a-bfc0-1a4e5237a4a8,CN=Deleted Objects,CN=Ubilogin,DC=ec2-52-211-180-140,DC=eu-west-1,DC=compute,DC=amazonaws,DC=com
THEN change it to:
CN=eIDMUser,OU=eIDM Groups,CN=Ubilogin,DC=ec2-52-211-180-140,DC=eu-west-1,DC=compute,DC=amazonaws,DC=com
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...