
Authentication Sources - Web Services

Question asked by Andrew Beauchamp on Nov 10, 2017
Latest reply on Nov 12, 2017 by Andrew Beauchamp

Hello Experts. 


RSA G&L Version: Version: P01


My goal is to create a new authentication source for service accounts only to make web service calls.   


And I've followed both RSA Link community questions to the letter but there is something not quite right.  

IGL Service Accounts 

How to create local-account in aveksa (other than AveksaAdmin) to bypass SSO 


Here is the basic setup: 

1. Have the service account live in our Active Directory and collect the accounts with a specific "service account collector"

2. Create an identity specifically for this service account and map the accounts together

3. Create an authentication source using type "RemoteADAuthenticator" and associate the specific "service account collector"


All this is kinda working as expected and tests OK - see screenshot... but I'm not able to log in using web service calls.


"Successfull test of Login for user:  ..." screenshot




i.e. /aveksa/command.submit?cmd=loginUser&format=json

with payload <username>account</username><password>password</password>


<html><head><title>Error</title></head><body>User could not be validated. The username or password may be incorrect. Query String=cmd=loginUser&amp;format=json</body></html>




I've tested the hell out of this - and it seems that only ONE of the FIVE authentication sources will work with the web services loginUser call.


If I move the service account to the account collector which I know is working - it works perfectly. When I move it back to the correct collector, no luck - even though it tests well (as above) and I can log in directly to the app.


They are all mapped to a unique account collector, and the only thing I can think of is that they are all authenticated to the same domain.


Any help would be appreciated. 

Cheers, Andrew