Hello Experts.
RSA G&L Version: 7.0.0.101393 P01
My goal is to create a new authentication source for service accounts only to make web service calls.
And I've followed both RSA Link community questions to the letter but there is something not quite right.
How to create local-account in aveksa (other than AveksaAdmin) to bypass SSO
Here is the basic setup:
1. Have the service account live in our Active Directory and collect the accounts with a specific "service account collector"
2. Create an identity specifically for this service account and map the accounts together
3. Create an authentication source using type "RemoteADAuthenticator" and associate the specific "service account collector"
All this is kinda working as expected and tests OK - see screenshot... but I'm not able to log in using web service calls.
"Successfull test of Login for user: ..." screenshot
----------------------
i.e. /aveksa/command.submit?cmd=loginUser&format=json
with payload <username>account</username><password>password</password>
<html><head><title>Error</title></head><body>User could not be validated. The username or password may be incorrect. Query String=cmd=loginUser&format=json</body></html>
----------------------
I've tested the hell out of this - and it seems that only ONE of the FIVE authentication sources will work with web services loginUser call.
If I move the service account to the account collector which I know is working - it works perfectly. When I move it back to the correct collector, no luck - even though it tests well (as above) and I can log in directly to the app.
They are all mapped to unique account collectors and the only thing I can think of is that they are all authenticated to the same domain.
Any help would be appreciated.
Cheers, Andrew
If you don't see the following section in the Web Services description, then you might not have it yet.
I'm not 100% sure, but I think it was introduced in v7.0 P2