User(s) unable to login in Spotfire when username attribute is changed from 'sAMAccountName' to "userPrincipalName" or "mail" in Spotfire server LDAP configuration.
Article ID: KB0078357
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | All Versions |
Description
Spotfire server uses the LDAP attributes defined in the Spotfire server LDAP configuration. While logging into Spotfire, user should enter the username that match's the LDAP attribute as per Spotfire server LDAP configuration.
Example:
If you set the username attribute as "userPrincipalName" , then you need to enter a username as "user@domain.com".
If you set the username attribute as "samAccountName", then you need to enter a username as "user".
* When username attribute as "userPrincipalName" :
* When username attribute as "sAMAccountName" :
- When you change username attribute under Advanced Settings in Spotfire server LDAP Configuration from "samAccountName" to "userPrincipalName" or "mail" then new entries for user@domain.com will get added in Spotfire.
- After changing username attribute as above, user won't be able to login in Spotfire.
- The following error appears in Spotfire server logs (server.log):
-----------------
DEBUG 2019-02-20T08:54:35,194-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: Authenticating user 'test@xyz.com' in LDAPLoginModule
DEBUG 2019-02-20T08:T08:54:35,194-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: Parsing the username into a user and a domain part
DEBUG 2019-02-20T08:T08:54:35,195-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: The specified domain name does not match any of the domains handled by this instance: 'XYZ', 'ABC'
TRACE 2019-02-20T08:T08:54:35,195-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: This login module doesn't handle domain xyz.com
ERROR 2019-02-20T08:T08:54:35,195-0400 [unknown, #0] server.security.AuthenticationManager: Error authenticating user 'test@xyz.com'
------------------
Example:
If you set the username attribute as "userPrincipalName" , then you need to enter a username as "user@domain.com".
If you set the username attribute as "samAccountName", then you need to enter a username as "user".
* When username attribute as "userPrincipalName" :
* When username attribute as "sAMAccountName" :
- When you change username attribute under Advanced Settings in Spotfire server LDAP Configuration from "samAccountName" to "userPrincipalName" or "mail" then new entries for user@domain.com will get added in Spotfire.
- After changing username attribute as above, user won't be able to login in Spotfire.
- The following error appears in Spotfire server logs (server.log):
-----------------
DEBUG 2019-02-20T08:54:35,194-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: Authenticating user 'test@xyz.com' in LDAPLoginModule
DEBUG 2019-02-20T08:T08:54:35,194-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: Parsing the username into a user and a domain part
DEBUG 2019-02-20T08:T08:54:35,195-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: The specified domain name does not match any of the domains handled by this instance: 'XYZ', 'ABC'
TRACE 2019-02-20T08:T08:54:35,195-0400 [unknown, #0] jaas.ldap.LDAPLoginModule: This login module doesn't handle domain xyz.com
ERROR 2019-02-20T08:T08:54:35,195-0400 [unknown, #0] server.security.AuthenticationManager: Error authenticating user 'test@xyz.com'
------------------
Environment
All Supported OS
Resolution
As Spotfire does not consider @domain.com as actual part of the username. To resolve this issue, disable the "Parse user and domain name". .
Follow below steps to disable the "Parse user and domain name" setting:
- Login to Spotfire server machine
- Launch Spotfire server Configuration tool
- Go to "Configuration" tab
- Click on "Domain" in left panel
- In right panel, set "parse user and domain name" to "no".
- Save the configuration and then restart the Spotfire server service.
Follow below steps to disable the "Parse user and domain name" setting:
- Login to Spotfire server machine
- Launch Spotfire server Configuration tool
- Go to "Configuration" tab
- Click on "Domain" in left panel
- In right panel, set "parse user and domain name" to "no".
- Save the configuration and then restart the Spotfire server service.
Issue/Introduction
User(s) unable to login in Spotfire when username attribute is changed from 'sAMAccountName' to "userPrincipalName" or "mail" in Spotfire server LDAP configuration.
Feedback
Yes
No
Powered by
