Privileged group members not redirected to Admin Console on login

Tagged: , ,

This topic has 3 replies, 3 voices, and was last updated 7 years, 9 months ago by Scott Heger.

  • Author
    Posts
  • #3029
     gary.rasmussen
    Participant

    After creating a privileged group in OpenAM 12 and adding users, Those users do not get directed to the Admin Console page upon login.

    FR Support has confirmed this is not working properly as it did in previous versions.

    The steps to create the privileged group are found under Procedure 2 here: http://openam.forgerock.org/doc/webhelp/admin-guide/manage-realms.html

    #3032
     Peter Major
    Moderator

    Not sure if there was a question in there. At the moment XUI follows the login-success-url value (let it be global/realm/user specific. Setting up user specific login URL is a possible workaround for this problem.
    The main problem lies within the fact that it is very much difficult for OpenAM to figure out if a user has privileged access to the administration console, and it’s not something that can be easily exposed through REST (I think).
    I assume at one point there will be a resolution for this, until then as a last resort you still have the ability of switching back to the legacy UI (or just create bookmarks that has goto pointing to the admin console…) if this is really that big of an issue..

    #3037
     gary.rasmussen
    Participant

    Thanks Peter,
    there wasn’t a question there, it was more for notification.

    In the particular use-case we are using AD as the identity repository to utilize the existing company administrators(AD group). The intent was to use a privileged admin group since AD will be considered read only from the OpenAM standpoint.

    Since we cant write to AD(from openam per company directive), and AD will remain the identity repository for this realm, we are pretty well stuck.

    Setting the success URL for each user is possible but not a viable solution(number of administrators).

    How do I switch back to the legacy UI with out switching back to Version 11.2?

    #3039
     Scott Heger
    Participant

    Gary,

    Go to Configuration -> Authentication -> Core. At the bottom of the Global Attributes section there is a checkbox to disable the XUI interface. That will switch you back to the legacy UI.

    Regards,
    Scott

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?