Gecortex 4.0 doesn’t understand security\permissions set in 3.15.0,

Permanently deleted user

February 15, 2014 15:31

Gecortex 4.0 doesn’t understand security\permissions set in 3.15.0,

The migration from 3.15 to 4.0 causes serious problem regarding the permission\security settings. I tried to set my permission\security from scratch in 4.0 but it appears not to work.

I couldn’t find out the “create new geocortex security provider” option and thus couldn’t manage the users\roles

/customer/servlet/servlet.FileDownload?file=00P6000000elttSEAQ

 

/customer/servlet/servlet.FileDownload?file=00P6000000elztqEAA

How this issue is managed in 4.0?

Thank you

Best

Jamal

0

• 

  Permanently deleted user

  February 17, 2014 15:01

  Hi Jamal,

   

    The Geocortex Essentials 4.0 Administrator Guide has two sections on security setup and configuration - "About Security" and "Essentials Security." I can strongly recommend that you read these sections before attempting to configure the security on your system.

    While the Geocortex Identity Server can be made to use the older Geocortex security provider (pre-4.0), it's much better to use the new Identity Server's role and membership providers.

    The dialog you've posted suggest that the Geocortex Identity server is having trouble communicating with Essentials Manager. It may not be installed and/or configured properly, the IIS server/application it is running on is having issues or there may be some network restrictions or issues preventing it from responding.

   I would suggest starting with using Fiddler (https://support.geocortex.com/use-fiddler-to-capture-web-traffic-between-a-web-browser-and-a-web-site) and  examining http://jamal-sony/Geocortex/IdentityServer/.

  Given the problems you've had in the past with networking, and that working on these types of issues is best resolved working live with the system, I would suggest that your distributor would be the best resource to help you with this issue.

  regards,

   

  Edmond

   

  0
• 

  Permanently deleted user

  February 19, 2014 01:43

  Thank you very much Edmond for the help,

  At the moment, I’m working on my test machine (jamal-sony) where no networks issues are involved. Nevertheless, the error below persists to appear as the “users and roles” icon is clicked

  What might be the issue here?

  In principle, does the 4.0 preserver the security plan set in 3.15?

   

  /customer/servlet/servlet.FileDownload?file=00P6000000em245EAA

   

  /customer/servlet/servlet.FileDownload?file=00P6000000em1fJEAQ

  0
• 

  Permanently deleted user

  February 19, 2014 22:01

  We've got a couple sites with close to 100 users from pre-4.0.  In version 3.x there were security provider xml files stored on disk next to the site xml, but as this thread indicates, all GCX does is inform us that the users & roles need to be updated to one of the new provider types - there doesn't seem to be an import mechanism.

  Can the 4.0 security provider be edited via flat file on disk?  If not, what is Latitude's recommend migration path?  I really hope the answer is not typing them all in.

  Edmond, you mentioned the Identity Server can use the 3.x security provider, but I'm not finding any info on this in the administrator guide.  Would you please give some more info/instruction on how to do this? 

  Nate

   

  0
• 

  Ryan Cooney

  February 20, 2014 00:46

  Hi Nathan,

  There isn't an import mechanism.

  It is possible to configure Identity Server to use the old Xml file based providers. The documentation on how to do this did not get completed in time for the 4.0 release though. Here is an excerpt from the next edition of the Admin Guide that covers this (https://support.geocortex.com/Data/Sites/1/userfiles/1725/configureidentityservertouselegacyxmlproviders.pdf) /Data/Sites/1/userfiles/1725/configureidentityservertouselegacyxmlproviders.pdf .

  --Ryan

  0
• 

  Permanently deleted user

  February 20, 2014 22:31

  Thanks Ryan, that worked.  In membership.config, the documentation says to include enabled="true" in the membership element, but I received an error when this was included.  Removing it made it work.

  Nate

  0
• 

  Ryan Cooney

  February 21, 2014 00:38

  Hi Nathan,

  You are correct that attribute does not belong there. It should only be present in the roleManager.config file. We will correct that. This same error is on the SQL Server provider page.

  --Ryan

  0
• 

  James Landwehr

  February 21, 2014 02:27

  Ryan,

  Is it absolutely  required to have a SSL Certificate to set security using the Geocortex Identity Server? I am trying to use the default  Identity Server setup (as described in section  39.7.1). I'm able to add users and roles, but my trouble seems to stem from  what exactly gets put in the Callback URL box . I've un checked the "require SSL"  box on the settings page  but am still having trouble getting the authentication screen prompted for sites that have permissions set to them. 

  Should the callback URL look like: http://<servername>/Geocortex/IdentityServer/?

  Any clarification appreciated.

  Thanks. Jim

  PS. (No redirect is necessary, as everything is hosted on one server). 

  0
• 

  James Landwehr

  February 21, 2014 05:39

  The correct callback URL looks like: http://<servername>/Geocortex/Essentials/REST

  Issue solved.

  Thanks.

  0
• 

  Permanently deleted user

  February 21, 2014 05:47

  For me, I’m still having the error below:

  “Unable to manage users and roles for security provider 'Geocortex Identity Server'. The underlying connection was closed: An unexpected error occurred on a send”

  This is despite the fact that the Geocortex security was working fine in 3.15

  What might be the issue here in the 4.0? why the Geocortex security gets a bit complicated?

  0
• 

  Permanently deleted user

  February 23, 2014 13:11

  Hi Jamal,

  Perhaps the new feature video will help you understand why we've changed the security system in Essentials 4.0 and the benefits of it. You'll find it here on the support site under Video Recordings > New Product Features > Security Improvements. After watching it please read thought the Administrator's guide on security as there is lots of good information on how to configure the system properly.  Ryan has posted a draft document on how to use the membership/role provider from 3.X in 4.0, but if you're starting from scratch we'd recommend the default 4.0 Identity provider.   

  As for the issue you are facing with adding or editing the users and roles, have you looked at the message in the dialog by clicking Show Details? What did it say? The error message suggests that there was a networking/IT infrastructure related issue. 

  While there may not be a physical network involved here, the viewer communicates to both the Essentials server and to the Security Provider over HTTP(S). This communication does use redirects and callbacks, which can be captured by networking tools. When you ran Fiddler, what information did it give you? 

  regards,

   

  Edmond

   

  0
• 

  Permanently deleted user

  February 23, 2014 23:16

  Many thanks Edmond for the help,

  With the help of an export, this issue is resolved.

  All what I needed to do is to re-Post Installation Configuration and to uncheck the SSL.

  /customer/servlet/servlet.FileDownload?file=00P6000000elzJ0EAI

   

  Best

   

  Jamal

  0

Please sign in to leave a comment.