cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

You are not an authorized Clearwell user message

Go to solution
bc1410
Level 5

‎12-14-2016 02:06 PM

Hello

So I have two clearwell servers that are set up for ldap and I wanted to set them up for  "Header Base Authentication"   I can get only one of the two servers to authenticate via header based.  The other one looks as if its going to work as I get to the Clearwell display screen but I get the following message. 

You are not an authorized Clearwell user. Please contact your Clearwell administrator for assistance.

I cant figure this out for the life of me.   The property browser settings ARE IDENTICAL for both servers.   I thought maybe my clearwell enterprise interface user account profile may be corrupt but I dont think it is as I can log into the cw interface via http://testing.fake.com/esa/public/login.jsp without any problems.  Any help or suggestions are appreciated.   Im still learning this product and seem to keep hitting bumps in the road. 

here are the current property browser settings:

sa.admin.jmx.host * = @qualifiedHostname
esa.auth.header.allowedHosts = 00.00.00.00      --->   I have zero'd out the ip address
esa.auth.header.enabled = true
esa.case.backupDir * = \\clearwell\d\cw\v811\casebackups\test
esa.case.sharedBackupDir = false
esa.ldap.connectionURL = ldap://testing.fake.com:389
esa.ldap.createUnknownUsers = false
esa.ldap.enabled = true
esa.ldap.referrals = follow
esa.ldap.roleSubtree = true
esa.ldap.user.email = mail
esa.ldap.user.fullName = displayName
esa.ldap.user.username = CN
esa.ldap.userBase = DC=XXX,DC=fake,DC=com
esa.ldap.userPrefixSearch = (&(objectClass=user)(|(sAMAccountName={0}*)(displayName={0}*)(mail={0}*)))
esa.ldap.userSearch = (CN={0})
esa.ldap.userSubtree = true
esa.pstexport.max_file_size * = 500
esa.ui.search.sortUnscoredSearchByDate = true
esa.ui.show_all_users_to_case_admins = true
esa.upgrade.patchRepo.baseDir * = \\%[master.host.name]\d$\CWShared\PatchRepo
esa.uploader.customerID * = XXXXXXXXXX

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
bc1410
Level 5
In response to JimmyClearwell

‎01-04-2017 08:24 AM

Hey Jimmy -

Sorry I should have came back and reposted.   Well I did finally figure out my dilema.   Kind of an overlook on my part..  I didnt realize it until I went into the Clearwell ADVANCE  Settings (password protected) and noticed the optional header base Auth option "esa.auth.headerName" which does not show up on the property browser config settings actually was populated with "HTTP_USER".   So all the other servers had "USER".  Once I made the change to reflect the other server I was good.

I just assume since CW states that these options are optional and I was thinking that if they did have a value with them, when looking on the regular  (non passwd) property browser settings that these optional settings would have showed up.  But I guess not...Maybe Clearwell should change its documentation and talk about the hidden advanced properties and clarify that if its optional and that if you populate that optional option then you still need to go into the advance settings.

Thanks Jimmy for the reply and help as always.

 

 

View solution in original post

6 REPLIES 6

Go to solution
JimmyClearwell
Level 5
Employee Accredited Certified

‎12-14-2016 02:28 PM - edited ‎12-14-2016 02:30 PM

Hello @bc1410,

First thought is that the user profile that you successfully logged in with is set as local vs enterprise (LDAP). Check the profile to make sure. It should be set to enterprise to make it an LDAP profile. When you do and if you are not able to edit the profile whereby you get a prompt that the enterprise user not found in LDAP, refer to this article Unable to edit Users in eDiscovery Platform http://www.veritas.com/docs/000100639.

This is what I have to suggest, at the moment, based off of the Next Steps note in the Configuring Header-based Authentication section of the System Admin Guide that says "To verify header-based authentication is set correctly, add a user account to the eDiscovery platform and then attempt to access the eDiscovery application through the reverse-proxy SSO server using this account. You should be granted access."

Best Regards,
James Harris
Business Critical Engineer Veritas eDiscovery Platform
Business Critical Services
Veritas Technologies LLC

Go to solution
bc1410
Level 5
In response to JimmyClearwell

‎12-14-2016 02:38 PM

Thanks James for your reply..

 

Yes the user / users are Enterprise Users.  These are the same users that I have set up to use header based authentication successfully on another server.  

0 Kudos

Go to solution
JimmyClearwell
Level 5
Employee Accredited Certified
In response to bc1410

‎01-04-2017 06:45 AM

Sorry for the late response, @bc1410. I was curious to know if you'd had any luck since your last comment?

Best Regards,
James Harris
Business Critical Engineer Veritas eDiscovery Platform
Business Critical Services
Veritas Technologies LLC

Go to solution
bc1410
Level 5
In response to JimmyClearwell

‎01-04-2017 08:24 AM

Hey Jimmy -

Sorry I should have came back and reposted.   Well I did finally figure out my dilema.   Kind of an overlook on my part..  I didnt realize it until I went into the Clearwell ADVANCE  Settings (password protected) and noticed the optional header base Auth option "esa.auth.headerName" which does not show up on the property browser config settings actually was populated with "HTTP_USER".   So all the other servers had "USER".  Once I made the change to reflect the other server I was good.

I just assume since CW states that these options are optional and I was thinking that if they did have a value with them, when looking on the regular  (non passwd) property browser settings that these optional settings would have showed up.  But I guess not...Maybe Clearwell should change its documentation and talk about the hidden advanced properties and clarify that if its optional and that if you populate that optional option then you still need to go into the advance settings.

Thanks Jimmy for the reply and help as always.

 

 

Go to solution
JimmyClearwell
Level 5
Employee Accredited Certified
In response to bc1410

‎01-04-2017 10:15 AM

Glad to hear you got it sorted.

I assume that at some point the System Property setting esa.auth.headerName must have been populated at some point. If it was done through the Property Browser (not Property Editor from Advanced Support Features or added manually to the esa.properties file) you'd see the change listed in the D:\CW\V82\scratch\esa\changes_esa.properties files, e.g.

#Wed Jan 04 11:12:46 EST 2017
esa.export.joboutput.external=\\\\edp-app1\\Destination\\Exports
was=D\:\\Destination\\Exports

Just a few tidbits of info for what it's worth. At least you have the feature up and running. 

Best Regards,
James Harris
Business Critical Engineer Veritas eDiscovery Platform
Business Critical Services
Veritas Technologies LLC

Go to solution
bc1410
Level 5
In response to JimmyClearwell

‎01-04-2017 12:16 PM

Thank you Jimmy.    Will look at the changes_esa* file.  Like I have maybe mentioned before all of these clearwell servers and test clearwell servers where created and set up by people who are no longer here.  So tidbits like you provided are very helpful.. Thanks again