Cloud Cruiser became HPE Consumption Analytics on Nov. 1st. You'll still see the old name in places while we update this site.

 

 

Consumption Analytics Documentation


Configuring authentication

By default, Cloud Cruiser authenticates users using its internal database to manage credentials. You can configure Cloud Cruiser to integrate with an external authentication system, such as an LDAP server or an SSO (Single Sign-On) system. To configure authentication, you must create a text file named <install_dir>/apache-tomcat-7.0.35/webapps/ROOT/WEB-INF/classes/security.properties. The contents of the file depend on the specific authentication system used and are detailed below in the appropriate section.

Even when Cloud Cruiser is configured to use an external authentication system, you can create users in Cloud Cruiser without corresponding users in the external system. To do this, when editing a user in the Users page, set the Authentication Type to Internal.

Internal authentication

Internal is the default configuration and is used if no security.properties file is present. Alternatively, you can explicitly configure internal authentication. The syntax of the security.properties file for internal authentication is:

authentication.method=internal

LDAP authentication

The syntax of the security.properties file for LDAP is:

authentication.method=LDAP
ldap.url=ldap://<server_name>:<port>
ldap.adminDN=<adminDN>
ldap.adminPassword=<adminPassword>
ldap.baseDN=<baseDN>
ldap.userDNPattern=<userDNPattern>
ldap.userSearchPattern=<userSearchPattern>
ldap.passwordAttribute=<attributeName>

The properties referenced by this syntax are:

<server_name>

Host name or IP address of the LDAP server

<port>

Port that the LDAP server is listening on (typically 389)

<adminDN>

The Distinguished Name (principal) to use for obtaining authenticated LDAP contexts (administrator or manager access). For example, "cn=Manager,dc=mycompany,dc=com".

<adminPassword>

The password corresponding to adminDN

<baseDN>

An optional DN that will be combined with userDNPattern or userSearchPattern when matching users. For example, "ou=My Organization,dc=mycompany,dc=com".

<userDNPattern>

Pattern used to match users in the LDAP directory. The special token {0} will be replaced with the username being authenticated. For example, "uid={0},ou=users,dc=mycompany,dc=com". 

<userSearchPattern>

User search pattern typically used in Active Directory configurations as an alternative to userDNPattern. The special token {0} will be replaced with the username being authenticated. For example, "(&(&(objectClass=user)(objectCategory=person))(userPrincipalName={0}))".

<passwordAttribute>

The attribute of the user object (objectClass) that contains the password to be verified against. For example, "userPassword".

You must specify at least one of ldap.userDNPattern or ldap.userSearchPattern. If you specify both, Cloud Cruiser will first attempt to match against ldap.userDNPattern. If no match is found, Cloud Cruiser will then try to match against ldap.userSearchPattern.

ldap.baseDN is optional. If present, it will be combined with ldap.userDNPattern and ldap.userSearchPattern when matching users.

SSO authentication

Cloud Cruiser SSO configurations use HTTP headers. The syntax of the security.properties file for SSO is:

authentication.method=SSO
sso.username.header=<usernameHeaderName>
sso.enablement.header=<enablementHeaderName>
sso.enablement.value=<enablementValue>
sso.logout.url=<logoutURL>
sso.create.unrecognized.users=<createUsersFlag>

The properties referenced by this syntax are:

<usernameHeaderName>

Name of the HTTP header that will contain the username

<enablementHeaderName>

Name of the HTTP header that specifies whether the user is enabled. If not defined, the user is always considered enabled.

<enablementValue>

The value of the <enablementHeaderName> that indicates a user is enabled. If specified, the user will be considered enabled only if the value specified matches the value of <enablementHeaderName>. If this property is not specified, the user is considered enabled based on the presence of <enablementHeaderName> (with any or no value).

<logoutURL>

If specified, the application will redirect to this URL when the user logs out.

<createUsersFlag>

If this value is "true", unrecognized users (users who have not logged into Cloud Cruiser) will be created with default values. If the value is "false", unrecognized users will not be permitted to log in.
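
The LDAP and SSO rules above can be checked before a security.properties file is deployed. The following Python code is an added example, not part of Cloud Cruiser or its documentation. Its function names, the sample header names, the treatment of sso.username.header as required, and the exact-match comparison of the enablement value are assumptions.

```python
METHODS = ("internal", "LDAP", "SSO")  # spellings as written on this page
# Constructed sample; the header names are hypothetical.
SAMPLE = ("authentication.method=SSO\nsso.username.header=X-Remote-User\n"
          "sso.enablement.header=X-User-Enabled\nsso.enablement.value=yes\n")

def parse_properties(text):
    """Parse key=value lines; blank lines and '#'/'!' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return a list of problems; an empty list means no rule was broken."""
    problems = []
    method = props.get("authentication.method", "internal")
    if method not in METHODS:
        problems.append(f"authentication.method={method} is not one of {METHODS}")
    if method == "LDAP":
        patterns = [k for k in ("ldap.userDNPattern", "ldap.userSearchPattern")
                    if props.get(k)]
        if not patterns:
            problems.append("need ldap.userDNPattern or ldap.userSearchPattern")
        for key in patterns:
            if "{0}" not in props[key]:
                problems.append(f"{key} has no {{0}} username token")
    if method == "SSO":
        if not props.get("sso.username.header"):  # assumption: required
            problems.append("sso.username.header is not set")
        if props.get("sso.enablement.value") and not props.get("sso.enablement.header"):
            problems.append("sso.enablement.value is set without sso.enablement.header")
        flag = props.get("sso.create.unrecognized.users")
        if flag is not None and flag not in ("true", "false"):
            problems.append("sso.create.unrecognized.users must be true or false")
    return problems

def sso_user_enabled(props, headers):
    """Apply the page's enablement rules to one request's headers (a dict)."""
    name = props.get("sso.enablement.header")
    if not name:
        return True  # header not defined: user is always considered enabled
    received = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    if name.lower() not in received:
        return False
    expected = props.get("sso.enablement.value")
    return not expected or received[name.lower()] == expected
```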

© Copyright 2018 Hewlett Packard Enterprise Development LP