Hi,
When I installed Integrity Server, I followed the instructions to connect the Integrity security layer to our Active Directory. And it works great. If a user wants to use Integrity, it just enters his usual Windows login and password and it works.
But, if the same user tries to connect the same Integrity Server through the Eclipse module, it fails.
The users faces the following error message:
com.mks.api.response.APIConnectionException: Failed to establish a session: Session not authenticated/authorized
And the Integrity Server log contains the following trace:
ERROR [mksis.IntegrityServer] * * * * ERROR * * * * (0): ICAllowSpecificConnectionPolicy failed the connection. Connection: <IP @>: is not on the list of acceptable machines.
I tried to add the following line to the security properties file:
mks.security.policy.scheme.<IP subnet>=windows_clear
But this doesn't fix the issue. Any advice would be greatly appreciated. Thanks.
romuald
Solved! Go to Solution.
This sounds like a problem with the API connecting to the Integrity Server. Check the settings in the <server install dir>/config/client/IntegrityClientSite.rc file. The default setting allows only a specific set of IP addresses to connect, so you need to either change the policy to allow all connections, or add in the user's IP address. You can find more information on configuring the API connections here.
Regards,
Ann
This sounds like a problem with the API connecting to the Integrity Server. Check the settings in the <server install dir>/config/client/IntegrityClientSite.rc file. The default setting allows only a specific set of IP addresses to connect, so you need to either change the policy to allow all connections, or add in the user's IP address. You can find more information on configuring the API connections here.
Regards,
Ann
Thanks Ann, we've made some progresses thanks to you. As we are a very small team and our server is not visible outside, I set the "Allow All Connection" policy.
Now, we're facing a new issue. I setup the Integrity Server security model to authenticate users on our Active Directory server. This works well for people connecting the server with the Integrity client.
But in the IntegrityClientSite.rc, I don't see any "daemon.authenticationPolicy" strategy to match our configuration. Or I make a mistake and it doesn't work like this.
Any idea? Thanks.
romuald
Unless you set the authenticationURL, the api connection will use the authentication settings for the Integrity Server as set in the security.properties file. Is the user seeing a new error?
Yes, "connection refused". But he can connect the Server through the official Client without any issue. So the server security model works, it's just connecting through the API seems to work in a different way. Or I'm missing something...
That's probably the way we use the Eclipse module to connect Integrity Server.
Don't hesitate to reply, but I won't be able to answer until the next monday. And thanks for the help.
romuald
Update: we've just seen this concerns a specific user, so we have to investigate on our side. I'll put this thread answered. Thanks Ann.