
Unable to map a group of users to a role in Portal 4.2

Question asked by gamgu02 Employee on Aug 17, 2018
Latest reply on Aug 27, 2018 by garma26

I have a simple LDAP configured like this:

 

User

dn: uid=p00,ou=people,dc=ca
cn: user
objectClass: inetOrgPerson
uid: p00
title: admin

Group

dn: cn=APIM_ADMINISTRATOR,ou=groups,dc=ca
cn: APIM_ADMINISTRATOR
objectClass: groupOfNames
member: uid=p00,ou=people,dc=ca

 

With just this I could create an LDAP Identity Provider in the CA API Gateway - Policy Manager 9.3, allow assignment to administrative rules, set the group "APIM_ADMINISTRATOR" as administrator so that every member inside it has admin rules, and log in with user p00.

 

However, I can't figure out how to do this in the CA API Developer Portal 4.2.2.7.

When using the LDAP Authentication Scheme, it only provides mappings for user attributes. If I want to authenticate a user as Portal Administrator, I have to map the user "role" attribute as "title" and the role mapping for a Portal Administrator as "admin", so that a user with "title=admin" can log in as admin. But it just maps a role to a user.

I have been told I could do this using the SAML SSO Authentication Scheme, but every attempt I made to return a response to the Portal with an authenticated user resulted in the Portal redirecting to the failed login page.

 

So my question is: How can I map a role to a group and authenticate using a member of this group in the CA API Developer Portal 4.2.2.7? Why can I do it as simply as that with the Policy Manager, but not with the Portal? Assigning every possible member to a role isn't an option.
