[IAG] AD domain script single sign-on users come online as Sangfor forwarding authentication – no external authentication server added
Problem Description
The user comes online through script single sign-on, but the online user list displays the authentication method as "forwarded by a certain company".

Process
- When the user goes online, the authentication method is displayed as "forwarded by a certain company", and the group the user belongs to is a local group rather than a domain user group, although the group name contains domain name information.
- Check the script running log in %appdata%. The log shows that the user's single sign-on succeeded.
- Check the configuration. No domain server is configured, so there are no domain users on the IAG.
Root cause
Script single sign-on works the same way as forwarding authentication by a certain company: it sends authentication information to the IAG through port 1775 or 1773. If the domain organizational structure is not synchronized on the IAG, domain users may be treated as "forwarded by a certain company" users after they go online.
Solution
Create a new domain authentication server and synchronize the domain organization structure to the IAG.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6996&isOpen=true