Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
Customer has 2 types of users, both authenticated via a keycloak server. One set of those users keycloak authenticates against an LDAP server the other group is authenticated against a local database in keycloak without LDAP. Keycloak does the SAML for both and returns the assigned groups in its response. In SSC they set up the LDAP and was able to get groups associated with those users as you suggested. The keycloak local users without LDAP still can't get groups assigned in SSC. Is possible in SSC without LDAP integration?
Products
Fortify
Environment
SSC 22.2
Situation
Customer uses 2 types of users, both authenticated via a keycloak server. One set of those users keycloak authenticates against an LDAP server the other group is authenticated against a local database in keycloak without LDAP. Keycloak does the SAML for both and returns the assigned groups in its response.
In SSC they set up the LDAP and was able to get groups associated with those users as you suggested.
The keycloak local users without LDAP still can't get groups assigned in SSC.
Is possible in SSC without LDAP integration?
2023-02-09 14:27:21,711 192.168.4.215 /saml/SSO/alias/fortify-ssc [WARN] com.fortify.manager.security.CustomLoggerListener - Authentication event AuthenticationFailureBadCredentialsEvent: ; exception: User (LDAP) has no roles.
Cause
The only way to support groups in SSC is via LDAP integration
Resolution
Use LDAP integration
Additional information: https://www.microfocus.com/documentation/fortify-software-security-center/2210/SSC_Help_22.1.0/index.htm#SSC_UG/Register_LDAP_Entities.htm?TocPath=Part%2520I%253A%2520Deploying%2520Fortify%2520Software%2520Security%2520Center%257CAdditional%2520Fortify%2520Software%2520Security%2520Center%2520Configuration%257CConfiguration%2520Options%2520Available%2520%2520in%2520the%2520%2520ADMINISTRATION%2520View%257CLDAP%2520User%2520Authentication%257CConfiguring%2520LDAP%2520Servers%257C_____3
Knowledge Base Article Link
URL Name
KM000015271