Thwacksters and @jblankjblank Jeff,
I have installed EOC 2020.2 with the Orion hotfix, and started experimenting with the World(wide) Map view to present groups throughout our enterprise environment (worldwide government). I have multiple sites, all configured to pass-through the authentication, and drill down from alerts works Great! Thank you! However, in drilling down to the site from the World Map, the pass-through uses the designated site registration account. In accordance with the documentation, the site registration account needs to be an admin. This could have drastic impact.
I would think that all widgets and view/dashboard devices would call the same authentication API.
Is this a bug or have I missed a configuration item?
@chippershredder - just to clarify - when you say site, are these the Groups you added to the WorldWide Map? Is it only from the WorldWide Map Widget, or if you go to Enterprise Groups in EOC and just try to access one of those groups, are you seeing expected behavior? Have you thought about using Orion Maps to mimic this? Is that exhibiting the same behavior? Just want to be sure I understand the exact scenario you are seeing.
After validating the "pass-through authentication" credentials were set on each site, and choosing "logout" for all connections, and clearing browser cache, and closing the browser, reopening and retrying the tests appear to be successful (for my login).
I will continue to watch this as I build objects in EOC 2020.2 and test drill-down.
Thanks for pushing me through the troubleshooting!
v/r, Chip Miller
From the source site, I opened the World Map and added a local site group object. Any objects placed on the world map within a site appear to be replicated up to the EOC World Map. This is a cool feature! Our environment has separate administrator teams managing their own sites, with a non-administrator team using EOC for visibility across the enterprise.
I have not really noted any additional behavior due to the short period of time EOC 2020.2 has been running. I am familiar with groups in Orion, but groups were not previously available in EOC, so I have yet to play with those either.
So, to summarize the process for which I see the issue:
- In the Orion site logged in as myself, edit the world map, zoom to my current location, add a group object to the map.
- In EOC 2020.2 logged in as myself, My Dashboards/Enterprise Maps, in the "Worldwide Map" widget, zoom to the location where the group was placed, mouse over the group and expand "commands", select "go to details", the child Orion site Group Details page displays and I see the Orion user account in the upper-right corner.
Incidentally, I also have EOC 2019.4 running with Network Atlas maps to the same sites, where, when I drill down, the pass-through authentication works as expected (maintain my login through the process).
My intention is to get away from maps built in Network Atlas (deprecated and slow to display) and take advantage of the administrative responsibilities for each site team.
Does this make sense? I am happy to create a support ticket, I just wanted to make sure I was not missing any configurations.
Within EOC 2020.2 logged in as myself:
- Open My Dashboards/Enterprise Groups, find a group of interest (I did not choose the same group or Orion site), click to drill down, Orion site opens Group Details with my login.
- Open My Dashboards/Enterprise Groups, find a group for the same site as the original post concerns, click to drill down, Orion site opens Group Details with the site registration Orion account.
I then verified the site configuration credentials were all set to pass-through authentication and re-ran the tests in a new browser window. The results were the same. Going to try clearing cached content, and retry tests.
@chippershredder What type of account is being used? Orion, Active Directory, or SAML? If you are seeing the wrong credentials on the remote instance, you may have automatic login using Windows Authentication enabled. If that is the case, Windows creds will take precedence over the pass-through creds. Please let us know what type of account you are using.
All accounts are Windows authentication with 2FA, except where username and password are the only option. We do have automatic logon set for the website. User logins are passed from the browser session credential, admins logout back to the login screen and are prompted for a certificate to get back in.
Somehow, I had a cached connection with the site registration account. Once logging out and clearing cached content in the browser, everything worked as expected.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.