A general system error occurred: Authorize Exception
It turns out, the SSO Identity Source was trying to connect to Domain Controllers which were powered off. To prevent this from occurring in the future, I wanted to add a physical DC to the config.
Our infrastructure uses LDAP over SSL (LDAPS), so it required a few additional steps.
1. First, log into the Domain Controller you would like to use as a Server URL for the Identity Source. Then launch the mmc and add the Certificates Snap-in. Select Computer Account and Local Computer. Export the certificate used for Server Authentication.
A. On the Export Private Key screen, select No, do not export the private key
B. On the Export File Format screen, select Base-64 encoded X.509 (.CER)
2. Using the WebClient, log in using the admin@System-Domain account. Go to Sign-On and Discovery --> Configuration. Right-click the Identity Source and select Edit Identity Source.
3. Enter the appropriate DC info, then select Choose Certificate.
4. Browse to the newly exported .cer file.
5. Select Test Connection:
6. To confirm that the change has taken effect, open the following file on the SSO server:
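
Separately from the steps above, the .cer file exported in step 1 can be checked before it is uploaded in step 4. The PowerShell below is an added example, not part of the original post: it confirms the export is Base-64 with no private key, is within its validity period, carries the Server Authentication EKU, and matches the certificate the DC actually serves on LDAPS. The path, host name and port 636 are assumed placeholder values.

```powershell
# Added example. $CerPath and $DcHost are hypothetical placeholders; use an absolute path.
param(
    [string]$CerPath = 'C:\Temp\dc01.cer',
    [string]$DcHost  = 'dc01.example.local',
    [int]$Port       = 636   # assumed standard LDAPS port
)
$ErrorActionPreference = 'Stop'

# 1. The export must be Base-64 (PEM) text and must not contain key material.
$text = Get-Content -LiteralPath $CerPath -Raw
if ($text -notmatch '-----BEGIN CERTIFICATE-----') { throw 'Not a Base-64 encoded X.509 (.CER) export.' }
if ($text -match 'PRIVATE KEY') { throw 'File contains private key material; re-export without it.' }

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
if ($cert.HasPrivateKey) { throw 'Certificate object carries a private key.' }

# 2. Validity window and Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku -and (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -notcontains '1.3.6.1.5.5.7.3.1')) {
    throw 'EKU does not include Server Authentication.'
}

# 3. Fetch the certificate the DC presents on LDAPS and compare thumbprints.
$tcp = New-Object System.Net.Sockets.TcpClient($DcHost, $Port)
try {
    # The callback accepts any chain on purpose: this connection is only used to
    # read the served certificate, and the decision is the thumbprint check below.
    $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
    $ssl.AuthenticateAsClient($DcHost)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
} finally {
    $tcp.Close()
}

if ($served.Thumbprint -ne $cert.Thumbprint) {
    throw "Mismatch: DC serves $($served.Thumbprint), export is $($cert.Thumbprint)."
}
"OK: $($cert.Subject) expires $($cert.NotAfter) and matches ${DcHost}:$Port"
```

A thumbprint mismatch usually means a different certificate was exported than the one bound to LDAPS on that DC.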
These steps are useful to change the Identity Source Server URL. This process is useful in the case where infrastructure uses LDAP over SSL.