VERIFIED SOLUTION i
X

Resolve Active Directory authentication failed after Spectrum 12.1 upgrade

Issue

Spectrum v12.1 AD authentication broken after upgrade. The user upgraded to Spectrum 12.1 platform with LIM module. 
  • cdq1210S01.rls
  • cdq1210S06.rls
  • cdq1210S09.rls
  • cdq1210S013.rls
  • cdq1210S014.rls

The above mentioned are all v12.1 patches installed for platform & LIM. So when the user turn the logging up to trace, he can see that it is authenticating the user against LDAP (and prove by attempting an incorrect password) but there is no reference to the attribute user is having spectrum look for the AD security groups (memberOf).

The user had this exact same issue in v12.0 and it was found to be a patch that had broken that component of the authentication process which is where patch S31 of v12.0 was created fixing v12.0. The user applied this patch to the client environment (last year) and AD authentication had been working fine. But since upgrading to v12.1, it has stopped.

It seems if the user were to cycle through the process it would behave as such:
  • v12.1 with no patches, results into no AD authentication.
  • S01 works with AD authentication.
  • S06 on wards: one of these patches will break it again.

Cause

SpectrumFolder\server\modules\spatial\jackrabbit\workspaces\default\workspace.xml file overwritten to default after upgrade.

Resolution

UPDATED: November 2, 2018


If Location Intelligence Module is being used and plan to map roles (as described in Mapping LDAP Attribute Values to Roles), additional manual configuration of the Jackrabbit configuration file (located in SpectrumFolder\server\modules\spatial\jackrabbit\workspaces\default\workspace.xml) is needed to make Spectrum Spatial aware of any dynamically assigned LDAP or Active Directory roles. Add the checkRoles parameter as shown below:
<!-- 
  Spectrum ACL provider.
 -->
 <WorkspaceSecurity>
  <AccessControlProvider class="com.mapinfo.repository.jackrabbit.acl
   .AccessControlProviderImpl">
   <param name="checkRoles" value="true"/>
  </AccessControlProvider>
 </WorkspaceSecurity>

For more details, refer "Using LDAP or Active Directory for Authentication" section in Spectrum Administration Guide.

Environment Details

Product Feature: Security

 

Downloads

  • No Downloads