Video Screencast Help
Search Video Help Close Back
to help

External Identity Provider: Server Configuration

Created: 26 Sep 2012 | Updated: 17 Oct 2012 | 6 comments
Pierre_L's picture
Pierre_L
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hello, 

Hope I've landed in the right section.

I'm having difficulty configuring the external identity provider connection.

I've registered a public DNS name 123.mycompany.com which points to a public ip on our firewall which is only configured to allow LDAP over SSL (636) from the trusted IP of our appcentre.

After testing various configurations, AD/LDAP, HTTP/S , URL/IP I still dont see any traffic hitting th firewall for that public IP. No denied or allowed attempts.

Is there something I'm missing ?

Thanks

 

Discussion Filed Under:
, ,

Comments 6 CommentsJump to latest comment

ohzone's picture
ohzone Admin
External Identity Provider: Server Configuration - Comment:26 Sep 2012 : Link

HI Pierre_L,

I've stared a new discussion for you.

Cheryl

Endpoint Management,
Endpoint Virtualization
Community Manager
www.twitter.com/EMnV_symc
Need Altiris help? IRC chat #Altiris

0
Login to vote
  • Actions
Dishwishy's picture
Dishwishy Symantec Employee Accredited
External Identity Provider: Server Configuration - Comment:27 Sep 2012 : Link

Hello Pierre_L,

A couple of things to try:

1) In the configuration screen for the "Server URI" field are you prefixing the DNS entry with ldap:// or ldaps://? Try both of those in a  combination of "Use SSL" checked and not checked.

2) If you are using LDAP over SSL, what certificate authority was used to sign your LDAP server?

3) What IPs did you white-list?

0
Login to vote
  • Actions
Pierre_L's picture
Pierre_L
External Identity Provider: Server Configuration - Comment:28 Sep 2012 : Link

Thanks for the reponse.

I whitelisted the two following two IP's

 

50.18.58.x

184.169.153.x

BUT i dont see any traffic to our firewall.

When adding in ldap/ldaps to the URL it does seem to take longer to fail but still no traffic to the firewall.

The ACL has 0 hits.

The SSL cert is issued from verisign.

0
Login to vote
  • Actions
Pierre_L's picture
Pierre_L
External Identity Provider: Server Configuration - Comment:02 Oct 2012 : Link

Problem resolved by updating the source IP as confirmed by Symantec support.

50.18.58.220
184.169.153.242

For any future readers after choosing LDAP the URI/L was as follows LDAPS://123.mycompany.com

and with NO SSL option box enabled. (SSL Un-checked)

Even though we have the cert and it is a valid cert choosing the SSL option did not work so we kep LDAPS as the prefix in the URI/L

SOLUTION
+1
Login to vote
  • Actions
Andrew_C's picture
Andrew_C Symantec Employee
External Identity Provider: Server Configuration - Comment:17 Oct 2012 : Link

Hello Pierre,

We're glad to hear you were able to properly configure your external IDP. I wish to inform you that this request, and the details you provided above, prompted for 2 new KB articles to be created to assist customers in the future.

If you agree that this issue has been addressed, could you please mark this thread as resolved?

Thanks,

Andrew

 

0
Login to vote
  • Actions
Pierre_L's picture
Pierre_L
External Identity Provider: Server Configuration - Comment:17 Oct 2012 : Link

Glad to hear this will assist your clients going forward. :)

0
Login to vote
  • Actions