Allowed To tab or Authorization Policy tab is blank

Problem

In the Ubisecure SSO management console, the Agent’s ‘Allowed To’ tab is empty - there are no groups, no ‘Add…’ and ‘Remove’ buttons cannot be seen.

Solution

Using an LDAP Browser, go through all the agents and check each ubiloginAllowAccess attribute. If the agent contains and attribute that has CN=Deleted Object, go ahead and empty that attribute’s value. See if you can see the groups and the button in Ubisecure SSO management consoles again.

Go to ubiloginAllowAccess attribute and scroll to the right to see if you can find ‘CN=Deleted Objects’.

CN=Deleted Object means that this group has been deleted from CustomerID (e.g. database reset).


If the Authorization Policy attributes tab is blank:

Since ubiloginGroupDN -attribute value cannot be left empty (like ubiloginAllowAccess  -attribute in ‘Allowed To’ -case)  you must do the following:

 

IF this is what you have:

CN=eIDMUser\0ADEL:6b7f5c1c-01c2-4d5a-bfc0-1a4e5237a4a8,CN=Deleted Objects,CN=Ubilogin,DC=ec2-52-211-180-140,DC=eu-west-1,DC=compute,DC=amazonaws,DC=com

 

THEN change it to:

CN=eIDMUser,OU=eIDM Groups,CN=Ubilogin,DC=ec2-52-211-180-140,DC=eu-west-1,DC=compute,DC=amazonaws,DC=com