
Gaining access to back end after LDAP configured

10 posts, 1 answered
  1. Deryk Robosson
    6 posts
    Registered:
    19 Aug 2009
    11 Apr 2013
    I appear to have gotten myself into a bit of a pickle.  I installed, configured and created pages and content within a 5.4 installation.  A client then informed me that they wanted Active Directory integration with SSO.  I configured things for the integration yesterday and went home.  When I got back in this morning, my previous administrative user session had timed out.  Being as I had not fully configured roles for AD users/groups to have back end access and SSO is enabled, I'm not 100% clear on how to return to the default authentication provider so that I can log in using the standard form.

    Can anyone shed some light on a process on how to achieve this either through perhaps a query string argument, configuration change or database tweak to give at least a known AD user (mine) access to the back end?
  2. Steve
    3037 posts
    Registered:
    03 Dec 2008
    11 Apr 2013 in reply to Deryk Robosson
    If you edit the security config manually (and recycle the app pool), could you give your role admin rights for now?

    <roleProviders>
        <add description="AppRolesDescription" type="Telerik.Sitefinity.Security.Ldap.LdapRoleProvider, Telerik.Sitefinity" applicationName="LdapBackend/" enabled="True" name="MyADRoles" />
    </roleProviders>
    <administrativeRoles>
        <role roleProvider="MyADRoles" roleName="SITE_Admin" />
    </administrativeRoles>

    ...but couldn't you still visit /Sitefinity and pick "Default" as the provider to log in...or did you disable Default as well?
    Answered
  3. Deryk Robosson
    6 posts
    Registered:
    19 Aug 2009
    12 Apr 2013
    I suspect that I either disabled Default or overwrote it (getting a hit on the latter) when configuring LDAP with SSO via the STS application as I get the fairly immediate "You do not have permission to access" message.  What I can do differently in the future is to leave it present until I know that everything is sorted and working properly.
    I've tried what you suggested with the security configuration with no change in the experienced outcome.
  4. Steve
    3037 posts
    Registered:
    03 Dec 2008
    12 Apr 2013 in reply to Deryk Robosson
    You should still be able to edit your security config to re-enable default though...by default it IS enabled, so in order to turn it off the "enabled" flag will trip to false...so since that is different than the default setting it will appear in the config file for you to edit.

    Confused? :)
  5. Deryk Robosson
    6 posts
    Registered:
    19 Aug 2009
    12 Apr 2013 in reply to Steve
    I'm with you on that re the state of enabled/not enabled.  Knowing what you're telling me that it is enabled by default (as it isn't present within the security configuration file), what I feel and believe is happening is something (LDAP provider?) is grabbing the authentication process before the default.
  6. Steve
    3037 posts
    Registered:
    03 Dec 2008
    12 Apr 2013 in reply to Deryk Robosson
    When you go to site.com/Sitefinity you do or do not see a dropdown for default\ldap?
  7. Deryk Robosson
    6 posts
    Registered:
    19 Aug 2009
    12 Apr 2013 in reply to Steve
    I do not see the original login form with a drop down option, no.
  8. Steve
    3037 posts
    Registered:
    03 Dec 2008
    12 Apr 2013 in reply to Deryk Robosson
    ...can you send me your securityconfig?  steve at sitefinitysteve com?
  9. Deryk Robosson
    6 posts
    Registered:
    19 Aug 2009
    12 Apr 2013 in reply to Steve
    Sent.  If we're able to nut this out, I'll follow up with resolution information so that others can also have the knowledge and it is searchable.
  10. Deryk Robosson
    6 posts
    Registered:
    19 Aug 2009
    15 Apr 2013 in reply to Deryk Robosson
    For the benefit of others that may be seeking the same information, Telerik support response on this is firstly re-enabling manual log in (I chose on the day to restore the VM to a known state to reduce time required):
    <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="false" />
        <cookieHandler requireSsl="false" />
    </federatedAuthentication>
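
Added example, not part of the original thread and not Telerik's code: a check to run before recycling the app pool, applied to the configuration fragments quoted in Steve's answer and in the final post. It reports administrative roles whose role provider is missing or disabled in the file, and settings that explicitly allow plain HTTP for the federation redirect or the session cookie. The `<sample>` wrapper, the finding codes and the treatment of a missing `enabled` attribute as enabled are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragments quoted in the thread, wrapped in a
# made-up <sample> root so they parse as one document.
SAMPLE = """<sample>
  <roleProviders>
    <add type="Telerik.Sitefinity.Security.Ldap.LdapRoleProvider, Telerik.Sitefinity"
         applicationName="LdapBackend/" enabled="True" name="MyADRoles" />
  </roleProviders>
  <administrativeRoles>
    <role roleProvider="MyADRoles" roleName="SITE_Admin" />
  </administrativeRoles>
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost"
                  realm="http://localhost" requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>
</sample>"""


def flag(element, attr, default=""):
    """Normalise a config boolean such as "True" or "false" to lower case."""
    return (element.get(attr) or default).strip().lower()


def audit(xml_text):
    """Return (code, detail) findings for a config fragment."""
    root = ET.fromstring(xml_text)
    findings = []
    # Role providers declared in this fragment: name -> enabled.
    # Assumption: a declared provider without "enabled" counts as enabled.
    providers = {a.get("name"): flag(a, "enabled", "true") == "true"
                 for a in root.findall(".//roleProviders/add")}
    for role in root.findall(".//administrativeRoles/role"):
        prov, name = role.get("roleProvider"), role.get("roleName")
        if prov not in providers:
            findings.append(("provider-not-declared", f"{name} -> {prov}"))
        elif not providers[prov]:
            findings.append(("provider-disabled", f"{name} -> {prov}"))
    # Only an explicit "false" is flagged; a missing attribute is left
    # to the framework default.
    for ws in root.iter("wsFederation"):
        if flag(ws, "requireHttps") == "false":
            findings.append(("wsfed-allows-http", ws.get("issuer", "")))
    for handler in root.iter("cookieHandler"):
        if flag(handler, "requireSsl") == "false":
            findings.append(("cookie-without-ssl", 'requireSsl="false"'))
    return findings
```

A `provider-not-declared` finding is not necessarily an error: as noted in the thread, settings left at their defaults do not appear in the config file, so confirm by hand which provider the role name resolves to.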
