
Knowledge Doc: [SSC] SAML authentication group roles / SSC 22.2


Summary
The customer has two types of users, both authenticated via a Keycloak server. For one set of users, Keycloak authenticates against an LDAP server; the other set is authenticated against a local database in Keycloak, without LDAP. Keycloak handles SAML for both and returns the assigned groups in its response. In SSC they set up LDAP and were able to get groups associated with those users as you suggested. The Keycloak local users without LDAP still can't get groups assigned in SSC. Is this possible in SSC without LDAP integration?

Products
Fortify

Environment
SSC 22.2

Situation
The customer uses two types of users, both authenticated via a Keycloak server. For one set of users, Keycloak authenticates against an LDAP server; the other set is authenticated against a local database in Keycloak, without LDAP. Keycloak handles SAML for both and returns the assigned groups in its response.

In SSC they set up LDAP and were able to get groups associated with those users as you suggested.

The Keycloak local users without LDAP still can't get groups assigned in SSC.

Is this possible in SSC without LDAP integration?

2023-02-09 14:27:21,711 192.168.4.215 /saml/SSO/alias/fortify-ssc [WARN] com.fortify.manager.security.CustomLoggerListener - Authentication event AuthenticationFailureBadCredentialsEvent: ; exception: User (LDAP) has no roles.

Cause
The only way to support groups in SSC is via LDAP integration.

Resolution
Use LDAP integration.

Additional information: https://www.microfocus.com/documentation/fortify-software-security-center/2210/SSC_Help_22.1.0/index.htm#SSC_UG/Register_LDAP_Entities.htm?TocPath=Part%2520I%253A%2520Deploying%2520Fortify%2520Software%2520Security%2520Center%257CAdditional%2520Fortify%2520Software%2520Security%2520Center%2520Configuration%257CConfiguration%2520Options%2520Available%2520%2520in%2520the%2520%2520ADMINISTRATION%2520View%257CLDAP%2520User%2520Authentication%257CConfiguring%2520LDAP%2520Servers%257C_____3
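
To see how many SAML logins are being rejected for this reason, the log entry quoted under Situation can be parsed and counted per client address. This is an added example, not Fortify code; it assumes the log layout of that single entry, the field name "detail" is an assumption, and every sample entry except the first is constructed.

```python
import re
from collections import Counter

# Layout of the entry quoted above:
# <date time,ms> <client IP> <request path> [<LEVEL>] <logger> - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<client>\S+) "
    r"(?P<path>\S+) \[(?P<level>[A-Z]+)\] (?P<logger>\S+) - (?P<message>.*)$"
)
# "detail" is the field between the event name and ';' (empty in the article's entry).
EVENT_RE = re.compile(
    r"Authentication event (?P<event>\w+): (?P<detail>[^;]*); exception: (?P<reason>.*)$"
)
NO_ROLES = "User (LDAP) has no roles."

def parse_auth_event(line):
    """Return the fields of an authentication-event entry, or None for any other line."""
    outer = LINE_RE.match(line.strip())
    inner = EVENT_RE.search(outer["message"]) if outer else None
    return {**outer.groupdict(), **inner.groupdict()} if inner else None

def missing_role_logins(lines, path_prefix="/saml/SSO/"):
    """Count, per client IP, SAML logins rejected with the 'no roles' exception."""
    hits = Counter()
    for line in lines:
        ev = parse_auth_event(line)
        if ev and ev["path"].startswith(path_prefix) and ev["reason"].strip() == NO_ROLES:
            hits[ev["client"]] += 1
    return hits

_HEAD = "[WARN] com.fortify.manager.security.CustomLoggerListener - Authentication event AuthenticationFailureBadCredentialsEvent: ; exception: "
SAMPLE_LOG = [
    # Entry from this article.
    f"2023-02-09 14:27:21,711 192.168.4.215 /saml/SSO/alias/fortify-ssc {_HEAD}{NO_ROLES}",
    # Constructed entries below (not real SSC output).
    f"2023-02-09 14:29:02,101 192.168.4.215 /saml/SSO/alias/fortify-ssc {_HEAD}{NO_ROLES}",
    f"2023-02-09 14:31:40,007 192.168.4.77 /saml/SSO/alias/fortify-ssc {_HEAD}Constructed other reason",
    "2023-02-09 14:32:00,000 192.168.4.77 /constructed/path [INFO] com.example.Placeholder - constructed line",
]

if __name__ == "__main__":
    for client, count in missing_role_logins(SAMPLE_LOG).items():
        print(f"{client}: {count} SAML login(s) rejected, no LDAP role found")
```

Matching on the exception text rather than the event name keeps these entries apart from other failures logged under the same AuthenticationFailureBadCredentialsEvent name.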


Knowledge Base Article Link
URL Name
KM000015271

Labels:

Support Tips/Knowledge Docs