Subscribe for automatic updates: RSS icon RSS

Login icon Sign in for full access | Help icon Help
Advanced search

Pages: [1]
  Reply  |  Print  
Author Topic: Version 2.50.26 build 5028.138 Broken @LUSR and Kerberos  (Read 8559 times)
carl k.
Posts: 8


« on: February 16, 2017, 02:09:27 am »

HI guys ,
in previous version we were able to specify @LUSR on standard authentication and then flick to Kerberos Authentication and put the realm in , and it would apply both to the config.xml .  (so it would force usernames to lowercase to be passed through to the SSO login)

In this version of the GDC it seems as if no matter what I do with a NEW shortcut , it does not obey the @LUSR unless you have kerberos turned off , which is no good .

the old shortcuts work as long as I dont edit them ,

If I duplicate an old shortcut and edit the hostname and Command and hit finish it does not work .
If I edit the program files/fourjs/gdc/etc/config.xml file directly and copy a <shortcut>  tree and edit the hostname ,shotcutname and command it also does not work .
I can see that the username is being passed through to the server in Mixed Case , which is the windows AD user logon name (set by the system for upper lower case), not the pre-windows 2000 logon name which can be controlled for upper and lowercase .

Question - is there a config.xml file that is created for each user ? and where is it ?


Exception - If I right click and run the GDC as an administrator account it seems to work and keeps the @LUSR and Kerberos settings .

Carl


Lionel F.
Four Js
Posts: 82


« Reply #1 on: February 16, 2017, 03:58:07 pm »

Hi Carl,

Yes I confirm there were many some applied for Kerberos mainly in GDC 2.50.24 (GDC#3179 and GDC#3211)
See: https://4js.com/support/issue/?id=&product=GDC&stat=CLOSED&fixed_in=2.50.24&words=&Search=Search#startissue

Now indeed, GDC is using the exact system UserName of the user for the Kerberos ticket. So, even if the user logs in on Windows by typing "johnsmith" whereas the real system username is "JohnSmith" (this is authorized by Windows...), GDC will forward the Kerberos ticket as "JohnSmith". But if you specify @LUSR in username field, my assumption is that it should still convert the username  to lower case.  If  it's not the case, then perhaps we have a problem.....in order to have a better follow-up and to not "spoil" the forum, may I ask you to contact your support center for opening a new support ticket? Of course, I'll inform the forum afterwards of the conclusions.

Thanks!

Best regards,
Lionel
Lionel F.
Four Js
Posts: 82


« Reply #2 on: February 17, 2017, 10:37:55 am »

Hi Carl,

I just wanted to get back to you before you open a support ticket. I think I didn't clarify the point concerning the config.xml, sorry for that. My assumption is, since your GDC is installed in c:\program files, you cannot write to config.xml which is in %GDCDIR%\etc (note that in v3, config.xml is now in %APPDATA%, thus you should be able to write to it independently of where GDC is installed). So in this case, shortcuts are stored in the registry. And then indeed it's stored by user in HKEY_CURRENT_USER\SOFTWARE\Four Js\Genero Desktop Client\Shortcuts.

BTW, I read again what you said about the username which is transmitted to the server. It looks like you expect to get the pre-windows 2000 logon name (SAM-Account-Name I think) . Actually, yes there has been a change on this point due precisely to the fixes we made for GDC 2.50.24 . This has been fixed in GDC 2.50.28. You need to use a new tag which is called @LEGACYUSR . However, I'm not sure you'll be able to transmit it entirely in lower case to the server. It requires to be tested. If you cannot access to a more recent GDC version than GDC 2.50.26, please contact your support center which should be able to provide you the latest package.

Best regards,
Lionel

carl k.
Posts: 8


« Reply #3 on: February 20, 2017, 12:21:05 am »

Hi Lionel,
We have predefined config.xml files that we install on our users , these work fine , they were created on 2.32 and 2.4 , in these versions as an admin , you could edit the standard authentication and put @LUSR in and then switch to Kerberos authentication and it would keep the @LUSR option and you could see it changing the username to lowercase for a Kerberos login. .  We need to create some new shortcuts and we are now using 2.5 , as admin when you now enter @LUSR in standard and then switch to Kerberos authentication , it loses the @LUSR setting and the username passed through is the mixed case username. I have managed to hard edit a config.xml file to include both settings as per the previous shortcuts and it is working, but if I edit any shortcut it then loses the @LUSR again and I have to hard edit it .


I will request the latest 2.5 and 3.0 versions of GDP from our vendor as well.

Carl Keogh
carl k.
Posts: 8


« Reply #4 on: February 23, 2017, 07:35:15 am »

Hi Lionel ,
i can confirm that this is still occurring in 2.50.31 build 5028.166

the @LUSR setting is being lost when editing any shortcut

Carl
Lionel F.
Four Js
Posts: 82


« Reply #5 on: March 03, 2017, 09:22:08 am »

Hi Carl,
Did you already open a support ticket? I think this will require deeper investigations...Of course I'll give conclusions of it in this thread.

Thanks!

Best regards,
Lionel
Pages: [1]
  Reply  |  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines