Adaxes

ADAXES and HA-DR Web interface

0 votes

I am trying to build a 3 node HA/DR setup with 2 nodes behind an F5 at our main colo and then the 3rd at our DR site...having issues with the SSO for the selfservice...before I put it behind the F5 I am having issues with node 2 working with the shared FQDN...Ideally I would like something like password.domain.local to point to the VIP and then if something should happen, have a short TTL and execute a DNS change to our DR site (till we get F5 GTMs)

thoughts???

oh and if I goto the server by shortname, SSO works...both boxes are trusted for delegation and SPNs are identical excluding ports...

the methods I am testing with is adjusting with HOSTS and the A record, verifying its flushed and TTL has WELL expired

:roll:

by (490 points)

1 Answer

0 votes
by (216k points)

Hello,

Adaxes uses the Kerberos authentication mechanism for SSO. Take a look at the following article that describes how to set up Kerberos delegation with F5: http://support.f5.com/kb/en-us/products ... ation.html. Make sure that you've completed all the steps listed in the article to enable Kerberos authentication in your F5 farm.

Also, if you performed all the steps as described in the article, but still cannot get SSO working, the reason can be that the Kerberos ticket cache on your computer is full. Try purging the Kerberos ticket cache on the computer, from which you are trying to view the Web Interface. For this purpose, do the following:

  1. On the computer, from which you are trying to access Adaxes Web Interface, start Windows Command Prompt (cmd.exe).
  2. In the Command Prompt console, type:
    klist purge
  3. Press Enter.
  4. Answer Yes (Y) to all confirmations.

Related questions

0 votes
1 answer
Web Interface and Administration Console in DMZ Setup

I've got a few questions regarding the setup for the web interface and admin console in the DMZ found here. If we don't want the Admin Console accessible outside the network ... users also hit the RODC in the DMZ or would they use the internal DCs? Thanks!

asked May 5, 2020 by scoutcor (120 points)
0 votes
1 answer
Allowing 365 Group Owners to modify membership through Adaxes Web Interface?

We have several Office 365 groups where the someone is an Owner but not a Member, and we'd like to give them the ability through the web interface to give them the ability ... option in the web interface to allow them to add or remove users via a custom task?

asked Nov 1, 2023 by PaulO (20 points)
0 votes
1 answer
Is there a way to integrate sharepoint sites in adaxes to create a web facing interface for users to see all sites?

We get Sharepoint Online requests for access to sites/folder/content. Is there a way to automate this task?

asked Jul 10, 2023 by dharry (20 points)
0 votes
1 answer
how do I find my web interface component executable or reInstall it where my adaxes console resides?

Salutations, We have an Adaxes server that we use that was setup by someone whom is no longer with us. There is a section in the web interface that a standard user uses ... standard users fill out on one of the web pages Adaxes has setup in IIS. Suggestions?

asked Jan 16, 2023 by jkaufman-lr (20 points)
0 votes
1 answer
How do extend Adaxes Web interface user session timeout in Adaxes 2020.1

Try to look into extending the timeout of the web interface on Adaxes

asked Jul 7, 2022 by Vish539 (310 points)
3,346 questions
3,047 answers
7,781 comments
544,981 users