NOVELL FORUMS

 
 
02-Jul-2008, 08:58 AM
nsanson
SSO Credential Provisioning

Hi to all,

I'm writing this post to discuss Credential Provisioning from a Subscriber Channel with you.
After a couple of tests I'm able to write some credentials into my SecretStore. However, I'm not able to write the credentials into the Server SecureLogin login information.

With this rule I'm able to write the GINACredentials into the SecretStore:

<do-set-sso-credential app-id="GINACredentials" store-def-dn="..\SStoreCredentialRepository">
  <arg-dn>
    <token-local-variable name="fullyqlfdsrcdn"/>
  </arg-dn>
  <arg-string name="Username">
    <token-attr name="DirXML-ADAliasName"/>
  </arg-string>
  <arg-string name="Password">
    <token-attr name="nspmDistributionPassword"/>
  </arg-string>
  <arg-string name="SecretType">
    <token-text xml:space="preserve">C</token-text>
  </arg-string>
</do-set-sso-credential>

Because of the AD automatic credential naming convention, I cannot use the SecretStore to provision credentials as
5C5CNovell.com5CWindowsClient32:NMASv.1.05C<MACHINENAME>C<NTACCOUNT>

I've tried to use the NSL Repository, but I don't know if this is the right procedure when I already have a SecretStore installed. I would only be able to update the SSO login information from the AD Driver. I tried this code:

<do-set-sso-credential app-id="WINLOGON.EXE" store-def-dn="..\NSLCredRepository">
  <arg-dn>
    <token-local-variable name="fullyqlfdsrcdn"/>
  </arg-dn>
  <arg-string name="Username">
    <token-attr name="DirXML-ADAliasName"/>
  </arg-string>
  <arg-string name="Password">
    <token-attr name="nspmDistributionPassword"/>
  </arg-string>
</do-set-sso-credential>


This way, when a user changes his password, the credential would already be updated when he authenticates.
It doesn't work. This policy returns

" Couldn't perform SSO operation <do-set-sso-credential>: '4444:ERROR (provisionNSLAccount): General Exception: java.lang.NullPointerException'."

Is this error thrown because we don't have an NSL Repository? Is there another way to write the AD credential into a user who is changing his password?

Thank you in advance.

Natan Sanson