We are having an issue where we cannot authenticate to our Java app with the proxy accounts synced from our parent AD domain.
[our environment]
We have an OU within an AD environment in which we have limited rights. In order to maintain security, we stood up an ADAM environment for our internet-facing Java (JBoss) web application. Local accounts in ADAM are for our vendor. We perform an ADAMSync to grab the proxy accounts from our AD OU.
[how we have designed it on paper to work]
We have had success with local ADAM accounts. However, we have failed at each login attempt while attempting to use proxy accounts. We did notice that the Java app was coded to use the CN attribute. Furthermore, we noticed that CN = login ID for our local ADAM accounts, per our setting, which differed from the synced proxy accounts where CN = First Name, Last Name. Obviously this wouldn't work (character limits in the login field of the app), so we changed the Java (JBoss) code to use the sAMAccountName attribute, which is a matched login ID on both sides (ADAM/AD). This still failed. We even attempted to bind using the sAMAccountName attribute during our ADAMSync but could not. Lastly, we attempted to use the userPrincipalName attribute, but that failed as well.
What are we missing guys?!
Please help.
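For reference, the login flow the post describes (look the user up by sAMAccountName, then bind as that user) is shown below as an added JNDI example; it is not code from the original post or from the poster's JBoss application. The LDAPS host, base DN, service-account DN and environment variable are placeholders. Two points this pattern makes explicit: the app must bind with the object's distinguished name (a proxy object cannot be bound as by its sAMAccountName or UPN value directly), and, for a userProxy object, AD LDS forwards the bind to the AD domain controller, which by default it only does over an SSL-protected connection, so the client should connect with ldaps:// and the AD LDS server must itself be able to reach the parent domain.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Search-then-bind login against AD LDS (ADAM): resolve the submitted login ID
 * to a distinguishedName with a read-only service account, then bind as that DN
 * with the submitted password. Works for both local "user" objects and synced
 * "userProxy" objects, because the bind is always done with the DN.
 * All connection details below are hypothetical placeholders.
 */
public class AdamLogin {
    private static final String LDAP_URL = "ldaps://adam.example.local:636";          // placeholder
    private static final String BASE_DN = "OU=Users,DC=example,DC=local";             // placeholder
    private static final String SERVICE_DN = "CN=svc-jboss,OU=Service,DC=example,DC=local"; // placeholder
    private static final String SERVICE_PASSWORD = System.getenv("ADAM_SERVICE_PASSWORD");  // placeholder

    /** Opens a simple bind as the given DN. Throws AuthenticationException on a bad password. */
    private static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /**
     * Resolves a login ID to the DN of exactly one user or userProxy object.
     * Returns null when there is no match or more than one match.
     */
    static String findUserDn(DirContext serviceCtx, String loginId) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"distinguishedName", "objectClass"});
        // {0} is substituted and escaped by JNDI, so user input cannot alter the filter.
        String filter = "(&(sAMAccountName={0})(|(objectClass=user)(objectClass=userProxy)))";
        NamingEnumeration<SearchResult> results =
            serviceCtx.search(BASE_DN, filter, new Object[] {loginId}, sc);
        String dn = null;
        while (results.hasMore()) {
            if (dn != null) {
                return null; // ambiguous login ID: refuse rather than guess
            }
            dn = results.next().getNameInNamespace();
        }
        return dn;
    }

    /** Returns true only if the login ID maps to one object and the password binds as that DN. */
    public static boolean authenticate(String loginId, String password) {
        // An empty password would turn the second bind into an anonymous bind, which
        // many directories accept. Reject it before touching the server.
        if (loginId == null || loginId.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        DirContext serviceCtx = null;
        DirContext userCtx = null;
        try {
            serviceCtx = bind(SERVICE_DN, SERVICE_PASSWORD);
            String userDn = findUserDn(serviceCtx, loginId);
            if (userDn == null) {
                return false;
            }
            // For a userProxy object AD LDS redirects this bind to the AD domain controller.
            userCtx = bind(userDn, password);
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password, or the redirected bind was rejected by AD
        } catch (NamingException e) {
            return false; // directory unreachable, SSL failure, search error, etc.
        } finally {
            closeQuietly(userCtx);
            closeQuietly(serviceCtx);
        }
    }

    private static void closeQuietly(DirContext ctx) {
        if (ctx == null) return;
        try { ctx.close(); } catch (NamingException ignored) { }
    }

    public static void main(String[] args) {
        System.out.println(authenticate(args[0], args[1]) ? "login ok" : "login failed");
    }
}
```

When a proxy login fails with this flow, the useful things to separate are: whether the search finds exactly one object for the ID (which confirms sAMAccountName was actually copied onto the userProxy object by the sync), whether the bind as the returned DN fails with an authentication error or a connection/SSL error, and whether the AD LDS server can reach a domain controller of the parent domain for the redirected bind.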