[midPoint] Active Directory Authentication in midPoint

Konstantin Tikhonov Konstantin.Tikhonov at veeam.com
Thu Apr 9 13:33:16 CEST 2020


Hi Katarina.

Unfortunately we didn’t manage to configure Flexible Authentication for Active Directory. Our engineers always get “User not found” error. In addition, I see in the document in the Limitations section
https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration#FlexibleAuthenticationConfiguration-Limitations

the following “Flexible authentication is currently supported only for midPoint administration GUI. Only internal password authentication and SAML2 is officially supported. The rest of the functionality is considered to be experimental.<https://wiki.evolveum.com/display/midPoint/Experimental+Functionality>”

So it looks LDAP isn’t supported in Flexible Authentication.

We also tried to configure SAML and it doesn’t work too. Info about metadata URL and endpoints missed in documentation.

Hi Paolo.

Could you please let me know what midPoint version where AD auth works you use?

Thanks.

--
Best Regards,

Konstantin.

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Katka Valalikova
Sent: Thursday, April 9, 2020 10:59 AM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Active Directory Authentication in midPoint

Hi guys,

have you tried also new flexible authentication configuration? This is the recommended and supported way for LDAP Authentication : https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration#FlexibleAuthenticationConfiguration-Moduleldap

As stated on wiki, the old way for LDAP authentication<https://wiki.evolveum.com/pages/viewpage.action?pageId=23167000> has never been officially supported by Evolveum (unless the support is explicitly negotiated in subscription).

Regards,
Katarina Valalikova

________________________________
From: "Konstantin Tikhonov" <Konstantin.Tikhonov at veeam.com<mailto:Konstantin.Tikhonov at veeam.com>>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Sent: Wednesday, April 8, 2020 4:25:01 PM
Subject: Re: [midPoint] Active Directory Authentication in midPoint

Hi Paolo.

Is it possible to synchronize AD groups with midPoint roles? And anyways we have to create local users in midPoint manually.
And I don’t also quite understand what we will do if we’d like to update nidPoint, the vendor stop supporting AD/LDAP authentication in further releases and it looks strange for IDM solution.

--
Best Regards,

Konstantin.

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> On Behalf Of Paulo Fernandes de Souza Junior
Sent: Wednesday, April 8, 2020 4:34 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] Active Directory Authentication in midPoint


Hi,



I think you will need to synchronize this AD Groups and membership with Midpoint Roles, then you can associate manage authorizations to this roles.


Paulo Fernandes de Souza Júnior
NQPPPS
Senado Federal - PRODASEN
Fone: 61 3303.3924

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200409/4da1e17c/attachment.htm>


More information about the midPoint mailing list