BPS Users Authentication Issue
Hi Everyone!
In the WEBCON environment we use, it is not possible to synchronize users with local AD. However, we want and can use AD to authenticate users. So we added our WEBCON users as BPS users.
In the BPS user synchronization configuration we have set: Synchronization source = None and in the system configuration Authentication Providers = Windows Active Directory.
Once completed, all BPS users have been synchronized and are listed in the CacheOrganizationStructure table with COS_Login in UPN format.
Now the problem:
When a user logs in to the portal, the system sees him in the domain\user format and none of the permissions granted to him work.
By the way - when we "manually" change COS_Login to the domain\user format - everything works fine. However, after some time, WEBCON updates the entries in the CacheOrganizationStructure anyway and everything falls apart.

Dear colleagues, does anyone know how to force IIS to use the UPN format for user authentication or how to force WEBCON not to correct entries in COS_Login?

Thanks in advance for any suggestions.

MVP

Hi Jacek,

it's quite similar to local accounts in our demo environment. In the end we decided to add the users to the BpsUsers table in the configuration database with an insert statement to circumvent the UI and API restriction that users should be entered in the UPN format.

It's not ideal, and I would prefer not to write to the database directly, but sometimes there's no alternative.

Best regards,
Daniel

Check if UPN format is appropriate. Maybe you will need other credentials, like including the domain name etc. For example, instead of 'jan.kowalski@companyname.pl', something like jkowal@intranet.domainname.com.pl. Check what is assigned as COS_BPSid, and what fields are used in "synchronisation configuration". Changing cos_login manually is not a solution since after another synchronisation the data will change.

MVP
In reply to: Arek Maz

Check if UPN format is appropriate. Maybe you will need other credentials, like including the domain name etc. For example, instead of 'jan.kowalski@companyname.pl', something like jkowal@intranet.domainname.com.pl. Check what is assigned as COS_BPSid, and what fields are used in "synchronisation configuration". Changing cos_login manually is not a solution since after another synchronisation the data will change.

Hi Arek,

you are right, this would be an issue. In this case, though, there is no user synchronization and all users are added as (external) BPS Users.

Slightly off topic:
There's also a flag in the global parameters of the configuration database to change from UPN to netbios? format for the BPSId when the users are synchronized. At least there had been a flag in the past. :)

Best regards,
Daniel