As per the Express FAQ, if you're attempting PKI functionality on UNIX/Linux you need standard edition.
↧
Re: PKI certificates are not being recognized
↧
Re: Integrate Google and Facebook Social Login
The URI (uniform resource locator) is something you will get from the social media provider. Below is an example of how the URI is defined and configured for Facebook as an example - https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow. The purpose of this configuration is to trust one or more web-sites that you want users to be re-directed upon login/logout using social media applications like Facebook. Check with each of your social media providers for the URI that you can enter on the Centrify side for the redirect.
Hope this helps.
↧
↧
Support for centos 6.8?
Is there an eta on support for centos 6.8 (for centrify express)?
I'm considering moving to centrify, but the directmanage deployment manager chokes on centos 6.8 boxes because it says it doesn't have an available analysis tools package for 6.8.
↧
Re: Support for centos 6.8?
Welcome to the Centrify Express community:
Deployment manager is not neededfor agent functionality, it's just a discovery & distribution mechanism. You can get the RPM and use rpm, yum, chef, puppet, ansible, whatever you require to install the software.
What you're likely seeing is that some of our utilities like will throw an error because CentOS 6.8 is not on the manifest. Since this is a minor release, you should be able to install the client directly and join AD via any other means.
See below. This is not an "officially-supported" release until Suite 2017, but you can install our client and use it unless there's been major OS-changes for PAM, NSS or Kerberos.
Notice below that I used the Centrify repo to obtain the bits, then I ran adjoin and off we go...
[centrifying@centos68 ~]$ cat /etc/centos-release CentOS release 6.8 (Final) [centrifying@centos68 ~]$ sudo yum install CentrifyDC Loaded plugins: fastestmirror, refresh-packagekit, security Setting up Install Process base | 3.7 kB 00:00 base/primary_db | 4.7 MB 00:01 centrify | 2.9 kB 00:00 centrify/primary_db | 20 kB 00:00 extras | 3.4 kB 00:00 extras/primary_db | 37 kB 00:00 updates | 3.4 kB 00:00 updates/primary_db | 2.0 MB 00:00 Resolving Dependencies --> Running transaction check ---> Package CentrifyDC.x86_64 0:5.3.1-398 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: CentrifyDC x86_64 5.3.1-398 centrify 33 M Transaction Summary ================================================================================ Install 1 Package(s) Total download size: 33 M Installed size: 80 M Is this ok [y/N]: y Downloading Packages: centrifydc-5.3.1-rhel4-x86_64.rpm | 33 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : CentrifyDC-5.3.1-398.x86_64 1/1 Verifying : CentrifyDC-5.3.1-398.x86_64 1/1 Installed: CentrifyDC.x86_64 0:5.3.1-398 Complete! [centrifying@centos68 ~]$ sudo adjoin -w -u dwirth centrify.vms [sudo] password for centrifying: dwirth@CENTRIFY.VMS's password: Using domain controller: dc.centrify.vms writable=true Join to domain:centrify.vms, zone:Auto Zone successful Centrify DirectControl started. Loading domains and trusts information Initializing cache . You have successfully joined the Active Directory domain: centrify.vms in the Centrify DirectControl zone: Auto Zone You may need to restart other services that rely upon PAM and NSS or simply reboot the computer for proper operation. Failure to do so may result in login problems for AD users. [centrifying@centos68 ~]$ adinfo Local host name: centos68 Joined to domain: centrify.vms Joined as: centos68.centrify.vms Pre-win2K name: centos68 Current DC: dc.centrify.vms Preferred site: Demo-Network Zone: Auto Zone CentrifyDC mode: connected Licensed Features: Enabled
"Officially Supported" to us means that we have QA-tested all our tool-set, but that will happen for that version of CentOs (released in May, the same month we relased 2016.1) when we release 2017.
Bottomline - no need to wait, enjoy automation.
R.P
↧
Re: Centrify Browser Extension has fired an exception - Internet Explorer
Are you an Express or Commercial customer?
You should have the ability to contact support if you're a commercial customer.
Otherwise, you should give us more information about this exception.
- Operating System
- Application you want to access
- Exception screenshot
R.P
↧
↧
zone failed
Moved to the Server Suite forum for better topic alignment.
↧
PKI certificates are not being recognized
I am having issues with my certificates being recognized
↧
Re: PKI certificates are not being recognized
Hello
Regarding PKI certificates, can you explain a bit more about the issue you are having? Are you meaning to post in the Centrify Express for Mac, or Unix?
Have a great day!
Ryan V.
↧
Re: PKI certificates are not being recognized
As per the Express FAQ, if you're attempting PKI functionality on UNIX/Linux you need standard edition.
↧
↧
DoD CAC Authentication
I am trying to login to web.mail.mil with my CAC. After installing all of the various drivers and such, I am able to get an authentication message linked to my CAC. It is essentially the same message I get from a NIPR computer at the office. So the CAC is visible to the computer and the software appears ready to use my CAC to authenticate. But then I get this error message:
"Your session could not be established. The session reference number: 3c863553 BIG-IP can not find session information in the request. This can happen because your browser restarted after an add-on was installed. If this occurred, click the link below to continue. This can also happen because cookies are disabled in your browser. If so, enable cookies in your browser and start a new session. Thank you for using BIG-IP. To open a new session, please click here."
Anyone know what the problem is?
↧
Re: DoD CAC Authentication
Hi chrisrein,
Welcome to Centrify!
From the description, it looks like something is blocking from BIG-IP in establishing the connection. You may need to check with BIG-IP to see what is blocking behind. In doing some research online, someone is seeing similar as well:
https://devcentral.f5.com/questions/session-cannot-be-established
Please let us know if there is anything we could assist with.
Kind Regards,
Albert
↧
centrify authentication every day
I have users who are having to go through the Centrify Authentication process every day. What's going on? Thanks.
↧
Centrify Authentication Email Not Received
I set up a new user. When he gets his Centrify Authentication prompts, it accpets his password but he never receives the email with the authentication link. Thanks.
↧
↧
Re: SSO with xrdp
Thank you Robertson,
The Centrify suite version is 2016.1 deb7 x86_64
The Ubuntu version is 14.04
The client is a Windows 7 Enterprise SP1
Rafi
↧
Re: centrify authentication every day
Welcome back,
Remember to always be as specific as possible when you submit to the boards.
I think you may be referring to SSO using Integrated Windows Authentication. There have been changes since 16.7, please opt-in to communications from Centrify.
Check out
or this KB article:
If this is not what you're referring to, please add more detail.
R.P
↧
Re: Centrify Authentication Email Not Received
When troubleshooting e-mail delivery:
a) Make sure the user's e-mail address is correct (in the Centrify Cloud Directory, Active Directory (GAL), LDAP or Google Directory).
b) Make sure that the user's e-mail system isn't blacklisting "donotreply@centrify.com" or modify the email template to reflect a whitelisted address.
Finally, as a good design choice, depending on your security posture, make sure that the user has several step-up mechanisms and ideally at least one multi-factor mechanism. As of 16.8 (current release) the options are:
- Password and User-defined question are just secrets > they don't qualify as step-up or MFA
- Phone call, Email, Text (SMS) are step-up mechanisms > can be relatively good mechanisms for Step-up authentication.
- Mobile authenticator (push), OATH OTP client and 3rd party RADIUS (e.g. SecurID, Symantec VIP, Vasco, etc) > satisfy the requirements for MFA (something you have) and are relatively easy to set up.
- If you have the App+ edition, you can use Strong Authentication (certificate-based authentication/smart card) using your PKI infrastructure as well.
Make sure that your Auth Profiles include an alternative delivery method.
R.P
↧
Re: SSO with xrdp
I will be OOO for a week so try to continue to query the boards or simply play around with the PAM configuration. This should be straight-forward to set up.
↧
↧
Trouble intalling Centrify Express onto Mac
I have been trying to install Centrify Express onto my MacBook Pro OS X (10.10.5). I am able to download centrify to the computer but it will not install. I keep getting an error alert that states the OS can't recognize the software and to contact the application managers. I have tried updating my software and reinstalling the application without any luck. Any assistance would be greatly appreciated.
↧
Re: centrify authentication every day
That solved it. Thanks.
↧
Re: Cloud Connector is down. What are the consequences?
is there any alerting that we can recieve when a Cloud Connector goes inactive?
↧