Knowledge Search


×
 

[STRM/ SA] External Authentication support

  [KB18202] Show Article Properties


Summary:

This article discusses the things that need to be considered when implementing external authentication, such as Radius or LDAP.

Solution:

Consider the following points when using external authentication:

  • Only one server is supported: There is only the ability to configure a single external authentication server, and there is not have an option for a backup server.
  • Users in the "admin" group will fall back to local authentication if the external server is not available. In this case, you will need to disable external authentication until the problem is resolved. To do this, perform the following:
    • Login as the "admin" user (using the admin user/password)
    • Assign the admin user account passwords
    • Once the problem is resolved, then re-enable external authentication.
  • User accounts must be created in JSA. Users in the external service who are not in JSA will not be able to login.
  • Time discrepancies will cause failed logins. JSA should be configured to use the same time source as the external authentication server.

 


If you are having issues with external authentication, turn on extended debugging as follows:

  1. Edit the file /store/configservices/staging/globalconfig/login.conf.
  2. Find the line "debug=false" and change this to "debug=true".
  3. From the Admin tab in the web UI, deploy changes.  Debugging information will then be sent to the file /var/log/qradar.log.
  4. When complete, disable the debugging, and deploy again.
Modification History:
2019-10-29: Minor, non-technical edits.
Related Links: