lithnet / access-manager

Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.

Issue with reinstall #203

Closed afscme-kmchugh closed 1 year ago

afscme-kmchugh commented 1 year ago

Had to reinstall access manager on same server and now I'm having issues with authentication. Tested Windows integrated and Azure AD. Getting message "Your request could not be processed because your SSO identity could not be found in the directory". Log files have a lot of these messages.

2023-04-26 13:10:35.1819|TRACE|1164|00-ffd5f44dfad25acd470627f285af5bfa-d87faa6aefc8d9a9-00|172.18.24.12||Lithnet.AccessManager.WebApp.Controllers.HomeController|AuthN error from 172.18.24.12
2023-04-26 13:10:35.2618| INFO|1164|00-ffd5f44dfad25acd470627f285af5bfa-d87faa6aefc8d9a9-00|172.18.24.12||Lithnet.AccessManager.Enterprise.AmsLicenseManager|No license information was found on the system
2023-04-26 13:10:40.4393|TRACE|1164|00-7fefa90e0925cd9f08dac28d7258a59c-608b9977900fefd8-00|172.18.24.12||Lithnet.AccessManager.WebApp.Authentication.OidcAuthenticationProvider|Attempting to find a match in the directory for externally provided claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn:user@domain.com
2023-04-26 13:10:40.4473|ERROR|1164|00-7fefa90e0925cd9f08dac28d7258a59c-608b9977900fefd8-00|172.18.24.12||Lithnet.AccessManager.WebApp.Authentication.OidcAuthenticationProvider|There was an exception processing the response from the external identity provider System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Lithnet.AccessManager.WebApp.Authentication.HttpContextAuthenticationProvider.AddAuthZClaims(IActiveDirectoryUser user, ClaimsIdentity identity) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\HttpContextAuthenticationProvider.cs:line 22
   at Lithnet.AccessManager.WebApp.Authentication.IdpAuthenticationProvider.FindClaimIdentityInDirectoryOrFailAsync[T](RemoteAuthenticationContext`1 context) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\IdpAuthenticationProvider.cs:line 66
2023-04-26 13:10:40.4473|TRACE|1164|00-d66960e8f25c5860a1fdae44d2331469-63f476cacc9f3350-00|172.18.24.12||Lithnet.AccessManager.WebApp.Controllers.HomeController|AuthN error from 172.18.24.12

ryannewington commented 1 year ago

@afscme-kmchugh can you confirm you are running the latest version v2.0.9420?

Is the Access Manager Service account a member of the Windows Authorization Access group in the relevant domains?

This issue is appearing because AMS can't read one of the properties of the user account from AD. Either the msds-PrincipalName or objectSID attributes.
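An added diagnostic script (not part of Access Manager or this thread) that checks the two preconditions named in the reply above: membership of the service account in Windows Authorization Access Group, and whether msDS-PrincipalName and objectSid are readable for a user who fails SSO. It assumes the RSAT ActiveDirectory module is installed; `svc-ams`, `user` and `domain.com` are placeholders to replace.

```powershell
# Added diagnostic for the failure described in this issue (not project code).
# Run it in the security context of the AMS service account (e.g. via runas)
# so the attribute reads reflect that account's effective permissions.
param(
    [string]$ServiceAccount = 'svc-ams',     # placeholder: AMS service account sAMAccountName
    [string]$TestUser       = 'user',        # placeholder: a user whose SSO login fails
    [string]$Domain         = 'domain.com'   # placeholder: domain holding both accounts
)
Import-Module ActiveDirectory -ErrorAction Stop

# 1. Is the service account a member (directly or through nesting) of
#    Windows Authorization Access Group in this domain?
$waag    = Get-ADGroup -Identity 'Windows Authorization Access Group' -Server $Domain
$members = Get-ADGroupMember -Identity $waag -Recursive -Server $Domain
$inWaag  = $members.SamAccountName -contains $ServiceAccount
if ($inWaag) {
    Write-Host ("OK: '{0}' is a member of Windows Authorization Access Group" -f $ServiceAccount)
} else {
    Write-Warning ("'{0}' is NOT a member of Windows Authorization Access Group" -f $ServiceAccount)
}

# 2. Can the attributes AMS turns into claims be read for the test user?
#    A null value here is what the Claim constructor rejects in the stack trace.
$attrs = 'msDS-PrincipalName', 'objectSid'
$u = Get-ADUser -Identity $TestUser -Server $Domain -Properties $attrs
foreach ($attr in $attrs) {
    $value = $u.$attr
    if ($null -eq $value -or [string]::IsNullOrEmpty("$value")) {
        Write-Warning ("{0} is empty for '{1}'; AMS would throw ArgumentNullException building this claim" -f $attr, $TestUser)
    } else {
        Write-Host ("OK: {0} = {1}" -f $attr, $value)
    }
}
```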

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.