This topic has 3 replies, 3 voices, and was last updated 7 years, 6 months ago by Scott Heger.
-
AuthorPosts
-
February 9, 2015 at 8:43 pm #3029
gary.rasmussen
ParticipantAfter creating a privileged group in OpenAM 12 and adding users, Those users do not get directed to the Admin Console page upon login.
FR Support has confirmed this is not working properly as it did in previous versions.
The steps to create the privileged group are found under Procedure 2 here: http://openam.forgerock.org/doc/webhelp/admin-guide/manage-realms.html
February 9, 2015 at 8:59 pm #3032Peter Major
ModeratorNot sure if there was a question in there. At the moment XUI follows the login-success-url value (let it be global/realm/user specific. Setting up user specific login URL is a possible workaround for this problem.
The main problem lies within the fact that it is very much difficult for OpenAM to figure out if a user has privileged access to the administration console, and it’s not something that can be easily exposed through REST (I think).
I assume at one point there will be a resolution for this, until then as a last resort you still have the ability of switching back to the legacy UI (or just create bookmarks that has goto pointing to the admin console…) if this is really that big of an issue..February 9, 2015 at 9:57 pm #3037gary.rasmussen
ParticipantThanks Peter,
there wasn’t a question there, it was more for notification.In the particular use-case we are using AD as the identity repository to utilize the existing company administrators(AD group). The intent was to use a privileged admin group since AD will be considered read only from the OpenAM standpoint.
Since we cant write to AD(from openam per company directive), and AD will remain the identity repository for this realm, we are pretty well stuck.
Setting the success URL for each user is possible but not a viable solution(number of administrators).
How do I switch back to the legacy UI with out switching back to Version 11.2?
February 9, 2015 at 10:51 pm #3039Scott Heger
ParticipantGary,
Go to Configuration -> Authentication -> Core. At the bottom of the Global Attributes section there is a checkbox to disable the XUI interface. That will switch you back to the legacy UI.
Regards,
Scott -
AuthorPosts
You must be logged in to reply to this topic.