Jump to content

All Activity

This stream auto-updates

  1. Today
  2. Hi Boffin, Did you also try specifying a value for "Name ID", as your output above says "Name ID format: Unspecified". If you've changed from SHA1 to SHA256, you might need to export the certificate again, and add that into Passwordstate. What build of Passwordstate are you using? Earlier this year Microsoft did make a change during a Windows Update which did cause issues with older builds of Passwordstate? There is no where in Passwordstate to get logs for this sort of thing unfortunately. Let us know what happens after your upgrade. Regards Click Studios
  3. Yesterday
  4. That's prety much exactly how I had it set up (SHA1 instead of SHA256, and upn instead of email), but it fails when set up exactly the same as yours. I'm going to update our PSTATE to the latest/greatest tomorrow (hoping that also solves a problem with your Radius client sending an invalid field) Where on the Passwordstate machine can I get logs of why it thinks it should go back to Okta to get credentials when Okta has provided them ?
  5. Hi Boffin, We don't have all fields documented, as not all fields are required for SAML authentication to work. Below are some screenshots from our Okta account and Passwordstate - can you please doublecheck what you have? Can you check all fields, including the certificate type, and Audience Restriction. Your 'Name ID format' setting in Okta seems to be blank as well, and you must specify an attribute which matches "SAML Response's Name Identifier - NameID" in Passwordstate. We hope this helps.
  6. I'm having great difficulty with passwordstate talking to Okta, and the example config in the password state docs for Okta is greatly lacking (missing 80% of the config values). What happens is when I visit our local password state, it goes off to Okta, verifies, go back to passwordstate which then fires off to Okta again, etc etc etc Here is the config I currently have: What the heck am I missing? Plus where the heck in passwordstate can I see what I assume are the failed assertions? OKTA CONFIG Single sign on URL: https://in
  7. Last week
  8. Hello KC_Brec, We're not sure if it helps at all, but you can subscribe to our announcements forum here to receive those notifications - https://www.clickstudios.com.au/community/index.php?/forum/6-announcements/ Regards Click Studios
  9. Would be nice if Passwordstate would email security administrators when an update to or new version of the application is available. We generally only use administrator account when system administration is needed, otherwise a normal account is in use. We would prefer not to notify all users when a new version is available. If this option is available, my apologies but I could not find any information about it anywhere.
  10. I had to uninstall and reinstall to get past this.
  11. Hi, We can choose maximum word length for generated password but not minimum word length that would be very usefull !! Can you add please this possibility on the next update ? Thank you.
  12. Earlier
  13. Hi Eric, Not sure what this is at the moment but I have a couple of suggestions: Did you try resetting the installer yet? https://www.clickstudios.com.au/community/index.php?/topic/1663-resetting-the-passwordstate-setup-process/ When you browse to your Passwordstate website for the first time, can you access it via HTTPS instead of HTTP? Does this help? Could you try running your browser in incognito mode and run the through the initial set up[ again. Does this help at all? Regards, Support
  14. For anyone else reading this forum post, we found the cause of this issue. The first screenshot below was the type of Password List Templates that were missing - where the 'Enable Password Resets' option was enabled. The second screenshot below is the reason these Templates were not showing - as there were restrictions applied as to which users could create Password Lists with this option enabled.
  15. Hey everyone. I am trying to get Gsuite SAML to work with Passwordstate but I am having some odd trouble. I saw this thread but no replies. I have Gsuite SAML working with other third party applications but with Passwordstate I am getting "The <Issuer> element MUST be present in <AuthnRequest> element." I have decoded the SAML response and I see the correct IDPID in the response and <Issuer> element does exist as far as I understand. I've added a screenshot for the Google error and the obfuscated decoded SAML response below.
  16. Hi Erik, You are welcome to log a support call about this to our email address if you like, but I'll put some troubleshooting steps below for this: Can you first try resetting your installer, to see if that fixes the issue: https://www.clickstudios.com.au/community/index.php?/topic/1663-resetting-the-passwordstate-setup-process/ Do you have any AV software or scanning software installed on your web server, that you can disable whilst performing the Passwordstate install? If you still cannot get past this error, could you open developer tools in your brows
  17. I am the "System Settings" part of the setup. I put in the emergency password I want to use, I click Next, nothing happens, no error, just nothing. Any ideas?
  18. Hi Everyone, Today we have release build 8983 which includes 2 new updates. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  19. Hi Tibor, If a user’s name in Active Directory were to change, there is a process we need to follow in Passwordstate because of the way we encrypt the UserID throughout many tables. Passwordstate does not encrypt the user data based on the SID, so if the name changes, then Passwordstate will treat the new username as a new user into Passwordstate. As you have set the system settings to delete the user if they are no longer found, then a combination of these two events have deleted the old user from Passwordstate, along with their Private Password Lists. Process to rec
  20. Hello I've the attached AD-Sync settings set. An Account with her old Name does not exist in Passwordstate. Seems it was renamed properly. Also her EMail-Address changed with this. Since the AD-Accout was not deleted, only renamed, i expect passwordstate to just rename the account without changing User-Permissions / delete private Passwords. So far i see this as a major bug. Cheers Tibor
  21. Thanks a lot for the quick response. Detailed logging is not enabled, so it seems the huge amount of log entries has a different source. I will try to figure out what is happening here...
  22. Hello. Then we try to import from KeePass (Keepass 2.0 XML) this erros apears When we try to import the file from KeePass (Keepass 2.0 XML), an error like this appears: CreateFoldersRecursive : Cannot bind argument to parameter 'PasswordstateParentFolderID' because it is an empty string. C:\Keepas export\Import-KeePass-XML.ps1:256 знак:69 + ... ursive -PasswordstateParentFolderID $passwordStateNewFolderID -KeePas ... + ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [CreateFoldersRecursive], Para
  23. Hello Bjorn, No those log files are not relevant/used by Passwordstate at all, and you can delete them if required. Also maybe check if someone has enabled detailed logging in IIS, as we've never had reports of logs files being that large as well. Regards Click Studios
  24. Hi everybody, today our monitoring system reported low disk space on our Passwordstate system. A deeper analysis showed that a huge amount of disk space (> 19GB) is used by IIS logfiles. Relevant path \inetpub\logs\LogFiles\W3SVC2 Are those logfiles relevant for any kind of auditing wihtin the system? Or can we just delete all files except the time range we want to keep (e.g. 30 days) ? Kind regards, Björn
  25. Hi Jonathan, We don't normally suggest to purchase more licenses, unless it's absolutely necassary - and this was one option we could think of to help assist with your specific requirement. We did provide a possible work around, and your response was "That is a great idea! Let me discuss with our team." I assume the rest of the team did not like the idea? Regards Click Studios
  26. Adding this to the forum's "Feature Requests". I emailed support back on July 7, 2020 and was basically told, buy more licenses. The response is not optimal and I hope it's voted upon as the use of "elevated privilege" accounts get more prevalence in environments. Got a specific problem with how PasswordState works versus how our Information Security department wishes to protect passwords. Today, we have two types of Active Directory accounts: Non-privileged and elevated privileged. Non-privilege is based on least-privilege and elevated privilege accounts protect se
  1. Load more activity
×
×
  • Create New...