Problem:
After I deploy the Authentication Agent version 3.4.3880 or upgrade to this version, the agent always fails to authenticate users.
Cause:
Starting from version 3.4.3880, the Authentication Agent uses SSL/TLS to connect to the AD server by default. For successful communication, the AD server needs to support Opportunistic TLS. Otherwise, the Authentication Agent cannot connect to the AD server to authenticate users.
Solution:
- Enable Opportunistic TLS on your AD server.
- If your AD server does not support Opportunistic TLS, disable SSL/TLS for the Authentication Agent so that the agent can communicate with your AD server successfully: Open the configuration file <Installation path>\AuthenticationAgent\simplesamlphp\config\authsources.php, and change the value of the parameter enable_tls to FALSE.