No password enforcement in the portal despite security being enabled

Document ID:  TEC1398486
Last Modified Date:  06/12/2017

Products

  • CA Identity Governance

Releases

  • CA Identity Governance:Release:12.6

Components

  • GovernanceMinder(Role & Compliance Manager):SGRM
Problem:

With the requirements being to secure the Identity Governance portal, we have applied the following configuration:

- We configured sage.security.disable to be false and restarted the application server.

- We configured SSO authentication

We can see the following in eurekify.log: *** Eurekify Security is ENABLED ***

Yet we are able to use any password for the users: there is no actual verification of the password value. Any password allows us to log in to the portal.

Environment:
Identity Governance 12.6, Identity Governance 14
Cause:

When sage.security.disable is set to false, the product switches to the Default Deny security method.
Only functionality that is explicitly permitted is visible and enabled for the user.
This affects accessibility rather than verification of password content.
Usually, in Production environments, an external authentication source (such as AD/LDAP/IdentityMinder) will be configured to control the authentication of managers and reviewers.
When any of the external authentication sources is in place, password verification does take place.
As long as no external authentication source is configured, the assumption is that the software is used in trial / demo mode, and therefore lower security enforcement is in place.

Resolution:

The only way to enforce password validation (for any / all users) is to enable external authentication. With this enabled, the password for AD1\EAdmin (as well as all other users) will be verified.
To trigger password verification (for AD1\EAdmin as well as SSO users) we can set:
sage.security.disable.IMAuthentication=false
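
The check below is an added example, not part of the original document or of the product's own tooling. It assumes the property settings have been exported as key=value text (the export format and the sample log line are constructed for illustration) and evaluates only the two properties and the log banner named in this document.

```python
# Added example: audits the two properties named in this document.
# Assumption: property settings are available as exported key=value text.
SECURITY_KEY = "sage.security.disable"
IM_AUTH_KEY = "sage.security.disable.IMAuthentication"
LOG_BANNER = "*** Eurekify Security is ENABLED ***"

# Constructed sample input (not taken from a real system).
SAMPLE_PROPS = "# constructed sample export\nsage.security.disable = false\n"
SAMPLE_LOG = "2017-06-12 10:00:00 INFO *** Eurekify Security is ENABLED ***\n"


def parse_properties(text):
    """Parse key=value lines; skip blanks and # comments; last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def is_false(props, key):
    """True only when the property is explicitly set to 'false'."""
    return props.get(key, "").lower() == "false"


def assess(props_text, log_text=""):
    """Classify the configuration described in the Cause section."""
    props = parse_properties(props_text)
    if not is_false(props, SECURITY_KEY):
        # Unset or not 'false': Default Deny is not confirmed at all.
        return "SECURITY_NOT_ENABLED"
    if is_false(props, IM_AUTH_KEY):
        # The setting given in the Resolution section is present.
        return "PASSWORD_VERIFICATION_CONFIGURED"
    # Default Deny is on, but the external-authentication setting from this
    # document is absent. Other sources (AD/LDAP) are not checked here.
    if LOG_BANNER in log_text:
        # The banner reflects Default Deny only, not password checking.
        return "BANNER_ONLY_PASSWORD_VERIFICATION_NOT_CONFIRMED"
    return "PASSWORD_VERIFICATION_NOT_CONFIRMED"


if __name__ == "__main__":
    print(assess(SAMPLE_PROPS, SAMPLE_LOG))
```

A result other than PASSWORD_VERIFICATION_CONFIGURED means the export does not show the setting from the Resolution section; confirm in the portal that a login with a wrong password is rejected.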
