Question

Connect to Active Directory with IFS10

  • 19 October 2021
  • 7 replies

Badge +2

Hi, 

 

I need to configure our IFS 10.8.0.0 installation with our internal Active Directory (not an Azure one) through this screen, by following the online IFS documentation.

 

My configuration is OK since I can save the parameters after setting them.

 

And then I cannot succeed in connecting to IFS with my AD account, and I have no messages in the log saying that it ever attempts to join the AD while connecting.

The only message I have is: FND user not found for username

 

Did I do something wrong?

Am I missing something?

Thank you for your help.

 

 



Userlevel 7
Badge +21

Hi @BivonaK ,

 

Based on your screenshot you’re missing information that is required so IFS can authenticate to Active Directory. You can click on the link below, which will take you to the IFS help explaining how to configure the Active Directory Authenticator information. Just scroll down about halfway and you’ll see the information.

 

Link:  Active Directory Authenticator

 

You need to enter the following information.

  • Hostname: Enter the fully qualified hostname of the LDAP server (for failover LDAP configuration refer to the section).
  • Port: Enter the port of the LDAP server. Default values are 389 for standard connection and 636 when using SSL.
  • Use SSL: This setting enables communication using TLS, turning on LDAPS instead of standard LDAP. Use of LDAPS is always recommended.
  • Username: Enter the username (typically a service user account) which has read access rights in the LDAP server. It is not recommended to use an SPN if available.
  • Password: Enter the password for the account specified by the username above. The first time the compatibility Active Directory Authenticator is set up, this is mandatory. If the compatibility Active Directory Authenticator is reconfigured later, it is only mandatory if a new password needs to be specified.
  • User Base DN: Specify the base folder where users are located in the LDAP directory.
  • Group Base DN: Specify the root folder containing groups in the LDAP directory.

Regards,

William Klotz
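
A pre-save sanity check of the fields listed in the reply above, as an added example that is not part of the thread or of IFS's own code. The dictionary keys, the function name and the sample hosts, account and DNs are assumptions made for illustration.

```python
import re

# Defaults quoted in the reply above: 389 for standard LDAP, 636 with SSL.
LDAP_PORT, LDAPS_PORT = 389, 636
# DNS label, and one RDN ("attr=value", commas only when backslash-escaped).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+$")

def _valid_dn(dn):
    # Simplified syntax check: split on unescaped commas, test each RDN.
    parts = re.split(r"(?<!\\),", dn.strip())
    return all(_RDN.match(p.strip()) for p in parts)

def lint_ad_settings(cfg, first_setup=True):
    """Return findings for one set of authenticator fields (hypothetical keys)."""
    findings = []
    labels = cfg.get("hostname", "").split(".")
    if (len(labels) < 2 or labels[-1].isdigit()
            or not all(_LABEL.match(l) for l in labels)):
        findings.append("hostname: not a fully qualified hostname")
    port, ssl = cfg.get("port"), bool(cfg.get("use_ssl"))
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("port: not a valid TCP port")
    elif ssl and port == LDAP_PORT:
        findings.append("port: 389 is the standard-connection default, LDAPS uses 636")
    elif not ssl and port == LDAPS_PORT:
        findings.append("port: 636 expects TLS but Use SSL is off")
    if not ssl:
        findings.append("use_ssl: off, a simple bind sends the password unencrypted")
    if not cfg.get("username"):
        findings.append("username: service account with read access is required")
    if first_setup and not cfg.get("password"):
        findings.append("password: mandatory the first time the authenticator is set up")
    for key in ("user_base_dn", "group_base_dn"):
        if not _valid_dn(cfg.get(key, "")):
            findings.append(f"{key}: not a well-formed distinguished name")
    return findings

# Constructed sample settings; hosts, account and DNs are placeholders.
GOOD = {"hostname": "dc01.corp.example.com", "port": 636, "use_ssl": True,
        "username": "svc_ifs_ldap", "password": "PLACEHOLDER",
        "user_base_dn": "OU=Users,DC=corp,DC=example,DC=com",
        "group_base_dn": "OU=Groups,DC=corp,DC=example,DC=com"}
BAD = dict(GOOD, hostname="dc01", use_ssl=False, password="",
           user_base_dn="corp.example.com/Users")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_ad_settings(cfg) or "no findings")
```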

Userlevel 7
Badge +21

Hi @BivonaK ,

If you are trying to configure the application to use AD based authentication for client logons (IEE & Aurena), the AD authenticator option that you are using is not the place to do it. The page in your screenshot is only meant to be used for backward compatibility and is only used for legacy integrations rather than client authentications.

 

In order to use on-premise AD based authentication you need to have ADFS v4 configured in the domain. You can use ADFS as the IDP after that.

 

 

For more info on this, please refer to the online tech docs using the link below

https://docs.ifs.com/techdocs/Foundation1/040_administration/210_security/015_authentication/030_configure_ADFS/default.htm

 

Cheers

Badge +2

Thank you for your answers !!

 

William, my screenshot was only for illustration purposes; I had filled in all the fields and was able to save my configuration without error. That's why I thought the problem was after this step.

 

Sajith, do you mean that there is no way to connect to a simple AD this way?

As the online documentation seems to say it is possible, it's a bit disappointing. And ADFS is not a real alternative for me as of now.

 

Thank you once again.

 

Badge +2

Hi,

Any details or opinions on this point / question? :)

 

Regards

Userlevel 7
Badge +21

Hi @BivonaK ,

Following up on my previous comment: yes, the only way to use AD for client authentication in Apps10 would be to have ADFS in front, as the authentication is OpenID based. ADFS is the mechanism by which Windows AD supports OpenID Connect.

 

Cheers

Userlevel 2
Badge +6

Hi @BivonaK ,

 

Have you changed the directoryId property of the user from UserId to the AD username?

Userlevel 2
Badge +4

Hi All,

 

I was going through this kind of setup and got the error below when I tried to verify AD TLS.

 

 

According to the customer, they do not see any issue from their side. Has anyone else had this issue?

 

TIA!

 

Best Regards,

Rayan