Role not working in SSLVPN traffic Policy
I'm trying to get our SSLVPN server to use Roles to control Traffic Policy assignments.
I've created an SSLVPN Policy container.
I have an Identity Server: Roles rule with the conditions being
If
  Condition Group 1
    If LDAP Group: [Current]
    Comparison: LDAP Group : Is Member of
    Value: LDAP Group cn=[path,to,group,name]
    Result on Condition Error: False
Actions
  Do Activate Role
    [Role-name]
Then on the SSLVPN server, under the Traffic Policies, I have the [role-name] as an available role, and so I've assigned three enabled Traffic Policies to depend on that [role-name]. Only I can't log in to the SSLVPN even though I am a member of the group in question.
My guess is something is wrong in the Condition Group. The following things seem to be working in the midst of things. The ID Server can see the group as a search context in the local user store. The SSLVPN can see the role from the ID server as it is a pre-populated element in the Traffic Policy section of the SSLVPN's configuration.
So again I want a policy that assigns a given role if you are a member of a specific group for use in SSLVPN traffic policies.
Thanks,
Andrew