Versions Compared

Old Version 28

changes.mady.by.user Chris Welford

Saved on

compared with

New Version Current

changes.mady.by.user Chris Welford

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

FieldValueExample
Default DomainThis is the domain that users will be presented with when they open PhixFlow. They will be able to select a different domain by selecting from a drop-down list, which will show all configured domains, as well as local. The local domain is used when logging in as an internal PhixFlow user User.
Code Block
local
Code Block
narnia.local
Active Directory Login Group

The list of names of Active Directory groups authorized to use this instance of PhixFlow, separated by semicolons. There must be no spaces between the groups listed, just semicolons.

Use {instance} to include the PhixFlow instance name (this is set up in System configuration).

Note that these groups do not have to be mapped to any of the PhixFlow User Groups (see below), although they can be if you wish.

Code Block
PHIXFLOW_ADMINS; PHIXFLOW_USERS_{instance}

...

Enhanced diagnostics can be generated by adding the linelines

Code Block
# detailed logging for AD connection attempts
log4j.logger.org.springframework.security=debug
log4j.logger.com.accipia.centerview.util.ContextUserExtractor=debug
log4j.logger.com.accipia.centerview.util.security=debug
log4j.logger.com.accipia.centerview.model.POJOImpl=debug

to your log4j.properties file - seeĀ Server Logging for details on controlling logging options with this file. You will then see detailed messages in the log file for your instance; the name of this log file is configured in your log4j.properties file, but typically this is phixflow.log, and where to find the results.

Note that with all options applied, the log files generated will be very large. You must switch off these options as soon as you have completed your tests. You can comment out the lines in the log4j.properties file, if you want to keep them in the file, by placing a # at the beginning of each line.

You could also consider applying a more limited set of debugging options, e.g.

Code Block
log4j.logger.org.springframework.security=debug
log4j.logger.com.accipia.centerview.util.security=debug

This will not give you as complete a log of what is happening during a login attempt, but the log files generated will be smaller. In particular, this reduced set of debugging options will include messages from

Code Block
com.accipia.centerview.util.security.ActiveDirectoryLdapAuthenticationProvider

which provides information about what groups the user attempting to login belongs to.