Endpoint Security Complete

  • 1.  External Identity Provider: Server Configuration

    Posted Sep 26, 2012 02:43 PM

    Hello, 

    Hope I've landed in the right section.

    I'm having difficulty configuring the external identity provider connection.

    I've registered a public DNS name 123.mycompany.com which points to a public IP on our firewall, which is only configured to allow LDAP over SSL (636) from the trusted IP of our appcentre.

    After testing various configurations, AD/LDAP, HTTP/S, URL/IP, I still don't see any traffic hitting the firewall for that public IP. No denied or allowed attempts.

    Is there something I'm missing?

    Thanks

     



  • 2.  RE: External Identity Provider: Server Configuration

    Posted Sep 26, 2012 02:44 PM

    Hi Pierre_L,

    I've started a new discussion for you.

    Cheryl



  • 3.  RE: External Identity Provider: Server Configuration

    Posted Sep 27, 2012 04:54 PM

    Hello Pierre_L,

    A couple of things to try:

    1) In the configuration screen for the "Server URI" field, are you prefixing the DNS entry with ldap:// or ldaps://? Try both of those in a combination of "Use SSL" checked and not checked.

    2) If you are using LDAP over SSL, what certificate authority was used to sign your LDAP server?

    3) What IPs did you white-list?



  • 4.  RE: External Identity Provider: Server Configuration

    Posted Sep 28, 2012 10:40 AM

    Thanks for the response.

    I whitelisted the following two IPs:

     

    50.18.58.x

    184.169.153.x

    But I don't see any traffic to our firewall.

    When adding in ldap/ldaps to the URL it does seem to take longer to fail but still no traffic to the firewall.

    The ACL has 0 hits.

    The SSL cert is issued from VeriSign.



  • 5.  RE: External Identity Provider: Server Configuration
    Best Answer

    Posted Oct 02, 2012 07:15 AM

    Problem resolved by updating the source IP as confirmed by Symantec support.

    50.18.58.220
    184.169.153.242

    For any future readers: after choosing LDAP, the URI/L was as follows: LDAPS://123.mycompany.com

    and with NO SSL option box enabled. (SSL Un-checked)

    Even though we have the cert and it is a valid cert, choosing the SSL option did not work, so we kept LDAPS as the prefix in the URI/L.



  • 6.  RE: External Identity Provider: Server Configuration

    Posted Oct 17, 2012 01:44 PM

    Hello Pierre,

    We're glad to hear you were able to properly configure your external IDP. I wish to inform you that this request, and the details you provided above, prompted the creation of 2 new KB articles to assist customers in the future.

    If you agree that this issue has been addressed, could you please mark this thread as resolved?

    Thanks,

    Andrew

     



  • 7.  RE: External Identity Provider: Server Configuration

    Posted Oct 18, 2012 01:39 AM

    Glad to hear this will assist your clients going forward. :)