Author Topic: Authentication against Active Directory  (Read 1293 times)

ogi

  • EA Novice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Authentication against Active Directory
« on: September 22, 2011, 03:47:27 pm »
Hello,

When making a project secure, I know that we can import users from Active Directory (AD).  But it seems that EA only imports the username, but it does not authenticate against AD. After user import, we must assigned a password to the imported user.

Is there a way to authenticate against AD? Is there any other setting that I missed?

Regards,

Geert Bellekens

  • EA Guru
  • *****
  • Posts: 8204
  • Karma: +193/-23
  • Make EA work for YOU!
    • View Profile
    • Enterprise Architect Consultant and Value Added Reseller
Re: Authentication against Active Directory
« Reply #1 on: September 22, 2011, 04:49:25 pm »
There's a big checkbox named "Accept Windows Authentication" on the user dialog; it's kind of hard to miss :-?

Geert

ogi

  • EA Novice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Authentication against Active Directory
« Reply #2 on: September 22, 2011, 04:54:00 pm »
Quote
There's a big checkbox named "Accept Windows Authentication" on the user dialog; it's kind of hard to miss :-?

Yes, I saw that checkbox. The ticking the checkbox activates the "import" button just below it, and that is why I was able to import users from AD.

However, it only imports the username, it doesn't authenticate against AD. We knew this because the users cannot use their AD password, we had to set password for each user.

 
« Last Edit: September 22, 2011, 04:57:42 pm by ogi »

Geert Bellekens

  • EA Guru
  • *****
  • Posts: 8204
  • Karma: +193/-23
  • Make EA work for YOU!
    • View Profile
    • Enterprise Architect Consultant and Value Added Reseller
Re: Authentication against Active Directory
« Reply #3 on: September 22, 2011, 04:57:35 pm »
If you use the "Accept Windows Authentication" then you don't set a password for the user.
They are also not required to explicitly login into EA as EA accepts the windows authentication.
I'm sure there's a whole section in the manual about that...

Geert

ogi

  • EA Novice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Authentication against Active Directory
« Reply #4 on: September 22, 2011, 05:08:15 pm »
No, we did not set password initially with checkbox ticked. But as I said, since the users could not use their AD password, we ended up setting password for the users in EA.

Page 200-201 of the User Manual describes about Importing users from Active Directory, but does not describe about authenticating against AD.

I haven't seen anywhere in the manual regarding authenticating against AD, only importing users from AD.
« Last Edit: September 22, 2011, 05:08:46 pm by ogi »

Geert Bellekens

  • EA Guru
  • *****
  • Posts: 8204
  • Karma: +193/-23
  • Make EA work for YOU!
    • View Profile
    • Enterprise Architect Consultant and Value Added Reseller
Re: Authentication against Active Directory
« Reply #5 on: September 22, 2011, 05:47:13 pm »
See http://www.sparxsystems.com/enterprise_architect_user_guide/9.0/projects_and_teams/managingusers.html

EA should not prompt for username or password at all if the userID of the logged on windows user matches the userid defined in EA.

Geert

ogi

  • EA Novice
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: Authentication against Active Directory
« Reply #6 on: September 22, 2011, 06:42:10 pm »
This is exactly the same as the one in Page 200-201, in the User Manual PDF. We've followed the instructions.

It should not prompt for user id & password, but it did.

Anyway, thank you Geert for your answers. We may have to investigate this further, we may have to check with the user to see whats going on on her PC.

Luis J. Lobo

  • EA User
  • **
  • Posts: 248
  • Karma: +0/-0
  • IT Consultant
    • View Profile
Re: Authentication against Active Directory
« Reply #7 on: September 23, 2011, 01:33:01 am »
Have you set the username in the users list of EA as follows?

DOMAIN_NAME\username

skiwi

  • EA Practitioner
  • ***
  • Posts: 1730
  • Karma: +35/-50
    • View Profile
Re: Authentication against Active Directory
« Reply #8 on: September 27, 2011, 06:18:06 am »
We are having problems (909) with EA prompting for user id/pw even though windows authentication is set.
I have just reported this as a bug.
It seems intermittent, happens on some .eap models, but not others
« Last Edit: September 27, 2011, 06:21:49 am by skiwi »
Orthogonality rules
Using EA12.1 (1229) on Windows 10 Enterprise/64 bit. Repositories in SQLServer2014 R2 & Access2003/JET4.0

qwerty

  • EA Guru
  • *****
  • Posts: 9425
  • Karma: +150/-138
  • I'm no guru at all
    • View Profile
Re: Authentication against Active Directory
« Reply #9 on: September 28, 2011, 07:58:16 am »
I have the same problem (jet encountered). I created an EAP on one machine where I imported users from AD. When using that model on another machine EA asks for the user/pw although (when logging on as admin) it clearly shows all imported users.

We used authorisation some time ago on a MySQL where it worked with no problems.

I'll try to rebuild the EAP on another machine and see what happens.

Using build 909.

q.

skiwi

  • EA Practitioner
  • ***
  • Posts: 1730
  • Karma: +35/-50
    • View Profile
Re: Authentication against Active Directory
« Reply #10 on: September 28, 2011, 09:58:28 am »
Prompt help from Sparx allowed me to resolve my issue:

"Maintain Users" topic in EA help (specifically the "Notes" section at the bottom of the page).  
... "As a security measure, the Accept Windows Authentication checkbox is automatically deselected if the project .eap file is moved to a different location. Once the file has been relocated, you can select the checkbox again to apply Windows authentication from the new database."

When this issue occurs, please try disabling then re-enabling the Accept Windows Authentication option, then restart EA.
« Last Edit: January 06, 2012, 06:58:05 am by skiwi »
Orthogonality rules
Using EA12.1 (1229) on Windows 10 Enterprise/64 bit. Repositories in SQLServer2014 R2 & Access2003/JET4.0

qwerty

  • EA Guru
  • *****
  • Posts: 9425
  • Karma: +150/-138
  • I'm no guru at all
    • View Profile
Re: Authentication against Active Directory
« Reply #11 on: September 28, 2011, 06:36:08 pm »
Which in our case is not possible since we copy the EAP as a template in a batch. And the automation does not provide en-/disabling security.

q.

Geert Bellekens

  • EA Guru
  • *****
  • Posts: 8204
  • Karma: +193/-23
  • Make EA work for YOU!
    • View Profile
    • Enterprise Architect Consultant and Value Added Reseller
Re: Authentication against Active Directory
« Reply #12 on: September 28, 2011, 06:44:43 pm »
Can't you do an update on the database or something?

Geert

qwerty

  • EA Guru
  • *****
  • Posts: 9425
  • Karma: +150/-138
  • I'm no guru at all
    • View Profile
Re: Authentication against Active Directory
« Reply #13 on: September 29, 2011, 05:08:54 am »
How, which, when? When I was still a young hacker I would compare the database contents after en-/disabling security and guess the magic that is done inside EA. But I do not have that time any more. As written in a related post the t_secpolicies is part of the magic, but not completely. For the time being I can live with an artificial user.

q.