Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
ASGRD 2018 integration with Thycotic
#21
(30-01-2018, 02:33 PM)DevOma Wrote: @sylvain.hamel: Could you post me the complete error message - Thycotic support engineer wants to see the whole thing - or is it only a server name? You can send me more confidential data via private message if you want…


Hi,

ASG1.jpg is when I'm going to our load balancer (with public certificate)
ASG2.jpg is the error when I go directly to the server. (using our internal pki cert)

In both case, if I'm using a browser and connect to one or the other, I'm able to authenticate and obtain a token, but not from ASG product.  Hope this help.


Attached Files
.jpg   ASG1.JPG (Size: 102.87 KB / Downloads: 6)
.jpg   ASG2.JPG (Size: 79.27 KB / Downloads: 6)
Reply
#22
Could you please post the whole error from second image - you should find it in ErrorLogs - thanks again!
Regards/Gruss
Oliver
Reply
#23
Dear all,

we have a problem with the anonymous authentication to IIS for Thycotic Secret Server that ASG requires. 
For SSO in Secret Server it is necessary to enable windows authentication and disable anonymous and forms authentication.
Is it possible to change authentication scheme in ASG?

The error message is attached


Attached Files
.png   2018-02-02 10_25_37-Clipboard.png (Size: 29.25 KB / Downloads: 9)
Reply
#24
Patch is planned for today :-)
Regards/Gruss
Oliver
Reply
#25
The problem with anonymous authentication is not resolved in patch 1
Reply
#26
Ok - I'm sorry that it is not working for you...

So I guess you have activated "Active Directory Integration" in Thycotic Secret Server?

Enable Active Directory Integration Yes
Enable Integrated Windows Authentication Yes

Can you please confirm that? Then we will try to reproduce in our test environment...
Regards/Gruss
Oliver
Reply
#27
Yes, so it is. Here is the link to the Thycotic article for "Setting Up Integrated Windows Authentication".
https://thycotic.force.com/support/s/art...erver-10-0
Reply
#28
(31-01-2018, 03:47 PM)DevOma Wrote: Could you please post the whole error from second image - you should find it in ErrorLogs - thanks again!

Here it is:

An error occurred while making the HTTP request to https://myserver.domain.com/secretserver...rvice.asmx. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
---------------------------

Server stack trace:
   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at PlugInThycotic.ThycoticService.SSWebServiceSoap.Authenticate(String username, String password, String organization, String domain)
   at PlugInThycotic.Helper.ThycoticSync.GetSecretServerWebService(IWin32Window owner, ThycoticSyncProperties props, String& token)
   at PlugInThycotic.Helper.ThycoticSync.CreateThycoticSourceStructureList(IWin32Window owner, ThycoticSyncProperties props, List`1& syncList)
Reply
#29
@sylvain.hamel: I forwarded to Thycotic support - waiting for response

@JulianV: Test environment is not running as it should - we are still trying to fix it - could you please try to change the webservice url - you need access to https://yoursecretserverinstallation/winauthwebservices/sswinauthwebservice.asmx
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)