security store editor - alteration for Windows Integrated scope
When I configured GE (version 4.9.0) and applied Windows Integrated security it worked fine... except, the default claims search is not only based on my department (natural resources), it seems to be searching across the entire state govenment (transportation, tourism, corrections, etc.). With that search,it is taking a long time to find a given staff member (like me). I would like to limit the search to just our domain.
I "think" I need to alter the configuration settings within the security store editor, but I don't know where or what to enter. Am I looking in the right place? If so, it there any documentation within Lat Geo or elsewhere that can shed some light on what I need to do?
Mike
0
-
Hi Mike
After some help from our reseller we applied this to control the Domains.
In the Post Installer, right click on the top banner somewhere and select Edit Security Store.
Within the <Service Details> tag add a <Searchers> and add each Searcher Domain you want to use. Below is what I added to limit the domains when searching to the 4 Depts required, rather than the entire State Government Forest
<SecurityDetails xmlns="clr-namespace:Geocortex.Platform.Security.Common">
<ServiceDetails xmlns="clr-namespace:Geocortex.Platform.Security.Integration.Windows">
<Searchers>
<Searcher Path="LDAP://env.sa.gov.au/DC=env,DC=sa,DC=gov,DC=au" UseContainsQueries="false" />
<Searcher Path="LDAP://pirsa.sa.gov.au/DC=pirsa,DC=sa,DC=gov,DC=au" UseContainsQueries="false" />
<Searcher Path="LDAP://dtup.sa.gov.au/DC=dtup,DC=sa,DC=gov,DC=au" UseContainsQueries="false" />
<Searcher Path="LDAP://dfc.sa.gov.au/DC=dfc,DC=sa,DC=gov,DC=au" UseContainsQueries="false" />
/>
</Searchers>
</ServiceDetails>
<PolicyDetails>
<PolicySemantics xmlns="clr-namespace:Geocortex.Platform.Security.Integration.Policy">
<AudiencesToAccept>
<Audience />
</AudiencesToAccept>
.
.
.
.
.
</SecurityDetails>
Save and exit out of the Post Installer.
Hopefully this helps for you too?0 -
That did not seem to have an effect at all.
I'm wondering if I was clear, what I was trying to do. Currently, when I set the permissions for a layer in my site and define that "John Doe" has permission to view the layer, it's returning every John Doe accross the entire state government (see image below).
_img_ alt="User-added image" src="https://latitudegeo--c.na53.content.force.com/servlet/rtaImage?eid=907f2000000k9xi&feoid=Body&refid=0EMf2000000fyAS" _/_img_
Although I defined our spcific LDAP path for just our department, it seems to be ignoring it:
<ServiceDetails xml:id="AD AUTHORITY" xmlns="clr-namespace:Geocortex.Platform.Security.Integration.Windows">
<Searchers>
<Searcher Path="LDAP://dnr.state.wi.us/DC=dnr,DC=state,DC=wi,DC=us" UseContainsQueries="false" />
</Searchers>
</ServiceDetails>
This makes me wonder if I'm supposed to define it somewhere else. I noticed that there is an "Options" tag under "IssuerDetails" (see below). What does that do or am I going down the wrong rabbit hole?
<IssuerDetails xml:id="AD AUTHORITY" xmlns="clr-namespace:Geocortex.Platform.Security.Integration.Web">
<DisplayName>Windows Integrated</DisplayName>
<Issuer>AD AUTHORITY</Issuer>
<Options />
</IssuerDetails>0 -
No, you were quite clear, we did experience the same issues and implemented this in order to filter the returns.
What version of GXE are you on? I should of mentioned that we couldnt get this to work either prior 4.8x0 -
GEX 4.9.0
I would not be totally surprised if it was something on our end, but documetion of what those settings do (or don't do) would help.0
Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.
Kommentare
4 Kommentare