bc1410
Level 6
8 years ago

You are not an authorized Clearwell user message

Hello

So I have two Clearwell servers that are set up for LDAP and I wanted to set them up for "Header Base Authentication". I can get only one of the two servers to authenticate via header based. The other one looks as if it's going to work as I get to the Clearwell display screen, but I get the following message.

You are not an authorized Clearwell user. Please contact your Clearwell administrator for assistance.

I can't figure this out for the life of me. The property browser settings ARE IDENTICAL for both servers. I thought maybe my Clearwell enterprise interface user account profile may be corrupt but I don't think it is, as I can log into the CW interface via http://testing.fake.com/esa/public/login.jsp without any problems. Any help or suggestions are appreciated. I'm still learning this product and seem to keep hitting bumps in the road.

Here are the current property browser settings:

sa.admin.jmx.host * = @qualifiedHostname
esa.auth.header.allowedHosts = 00.00.00.00      --->   I have zero'd out the ip address
esa.auth.header.enabled = true
esa.case.backupDir * = \\clearwell\d\cw\v811\casebackups\test
esa.case.sharedBackupDir = false
esa.ldap.connectionURL = ldap://testing.fake.com:389
esa.ldap.createUnknownUsers = false
esa.ldap.enabled = true
esa.ldap.referrals = follow
esa.ldap.roleSubtree = true
esa.ldap.user.email = mail
esa.ldap.user.fullName = displayName
esa.ldap.user.username = CN
esa.ldap.userBase = DC=XXX,DC=fake,DC=com
esa.ldap.userPrefixSearch = (&(objectClass=user)(|(sAMAccountName={0}*)(displayName={0}*)(mail={0}*)))
esa.ldap.userSearch = (CN={0})
esa.ldap.userSubtree = true
esa.pstexport.max_file_size * = 500
esa.ui.search.sortUnscoredSearchByDate = true
esa.ui.show_all_users_to_case_admins = true
esa.upgrade.patchRepo.baseDir * = \\%[master.host.name]\d$\CWShared\PatchRepo
esa.uploader.customerID * = XXXXXXXXXX

  • bc1410
    8 years ago

    Hey Jimmy -

    Sorry, I should have come back and reposted. Well, I did finally figure out my dilemma. Kind of an oversight on my part. I didn't realize it until I went into the Clearwell ADVANCE Settings (password protected) and noticed the optional header base Auth option "esa.auth.headerName", which does not show up on the property browser config settings, actually was populated with "HTTP_USER". So all the other servers had "USER". Once I made the change to reflect the other server I was good.

    I just assumed, since CW states that these options are optional, and I was thinking that if they did have a value with them, that these optional settings would have shown up when looking at the regular (non-passwd) property browser settings. But I guess not... Maybe Clearwell should change its documentation and talk about the hidden advanced properties and clarify that if it's optional and you populate that optional option, then you still need to go into the advanced settings.

    Thanks Jimmy for the reply and help as always.

  • Hello bc1410,

    First thought is that the user profile that you successfully logged in with is set as local vs enterprise (LDAP). Check the profile to make sure. It should be set to enterprise to make it an LDAP profile. When you do and if you are not able to edit the profile whereby you get a prompt that the enterprise user not found in LDAP, refer to this article Unable to edit Users in eDiscovery Platform http://www.veritas.com/docs/000100639.

    This is what I have to suggest, at the moment, based off of the Next Steps note in the Configuring Header-based Authentication section of the System Admin Guide that says "To verify header-based authentication is set correctly, add a user account to the eDiscovery platform and then attempt to access the eDiscovery application through the reverse-proxy SSO server using this account. You should be granted access."

    • bc1410
      Level 6

      Thanks James for your reply..

      Yes the user / users are Enterprise Users.  These are the same users that I have set up to use header based authentication successfully on another server.  

      • JimmyClearwell
        Level 5

        Sorry for the late response, bc1410. I was curious to know if you'd had any luck since your last comment?
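The resolution in this thread was a single property, esa.auth.headerName, that differed between servers while the regular property browser listings looked identical. As an added example (not code from the posters or from the product), the Python below diffs two pasted property listings in the "name = value" shape shown in the first post; it assumes the advanced settings have been copied into the same text by hand, and the sample listings and the function names are constructed for illustration.

```python
import re

# Line shape from the listing in the post: "name [*] = value [---> note]"
PROP_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*\*?\s*=\s*(.*?)\s*$")
ANNOTATION_RE = re.compile(r"\s+-{2,}>.*$")

def parse_properties(text):
    """Parse 'key = value' and 'key * = value' lines into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line)
        if m:
            key, value = m.groups()
            # Drop a trailing '---> note' comment like the one in the post.
            props[key] = ANNOTATION_RE.sub("", value).strip()
    return props

def diff_properties(a, b, prefixes=("esa.auth.", "esa.ldap.")):
    """Return {key: (value_a, value_b)} for differing or one-sided keys."""
    drift = {}
    for key in sorted(set(a) | set(b)):
        if key.startswith(prefixes) and a.get(key) != b.get(key):
            drift[key] = (a.get(key), b.get(key))
    return drift

def compare_listings(a_text, b_text):
    """Diff two pasted listings; a key missing on one side shows as None."""
    return diff_properties(parse_properties(a_text), parse_properties(b_text))

# Constructed sample listings (regular plus advanced settings pasted together).
WORKING = """\
esa.auth.header.allowedHosts = 00.00.00.00      --->   zeroed out
esa.auth.header.enabled = true
esa.auth.headerName = USER
esa.ldap.enabled = true
esa.ldap.userSearch = (CN={0})
esa.pstexport.max_file_size * = 500
"""
FAILING = WORKING.replace("headerName = USER", "headerName = HTTP_USER")

if __name__ == "__main__":
    for key, (va, vb) in compare_listings(WORKING, FAILING).items():
        print(f"{key}: working={va!r} failing={vb!r}")
```

A key that appears in only one listing is reported with None on the other side, which is how a populated advanced-only property shows up when one paste came from the regular property browser alone.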