 |
Consumption Analytics Documentation |
|
Consumption Analytics Documentation |
By default, Cloud Cruiser authenticates users using its internal database to manage credentials. You can configure Cloud Cruiser to integrate with an external authentication system, such as an LDAP server or an SSO (Single Sign-On) system. To configure authentication, you must create a text file named <install_dir>/apache-tomcat-7.0.54/webapps/ROOT/WEB-INF/classes/security.properties. The contents of the file depend on the specific authentication system used and are detailed below in the appropriate section.
Internal is the default configuration. It will be used if there is no security.properties file present. Alternately, you can explicitly configure internal authentication. The syntax of the security.properties file for URL is:
authentication.method=internal
The syntax of the security.properties file for LDAP is:
authentication.method=LDAP ldap.url=ldap://<server_name>:<port> ldap.adminDN=<adminDN> ldap.adminPassword=<adminPassword> ldap.baseDN=<baseDN> ldap.userDNPattern=<userDNPattern> ldap.userSearchPattern=<userSearchPattern> ldap.passwordAttribute=<attributeName>
The properties referenced by this syntax are:
<server_name> | Host name or IP address of the LDAP server. |
<port> | Port on which the LDAP server is listening (typically 389). |
<adminDN> | The Distinguished Name (principal) to use for obtaining authenticated LDAP contexts (administrator or manager access). For example, Ensure that your Active Directory user is enabled. For example, Microsoft AD LDS users are disabled by default. |
<adminPassword> | The password corresponding to the |
<baseDN> | An optional DN that will be combined with the ldap.userDNPattern or ldap.userSearchPattern value when matching users. For example, ou=My Organization,dc=mycompany,dc=com. |
<userDNPattern> | Pattern used to match users in the LDAP directory. The special token {0} will be replaced with the username being authenticated. For example, |
<userSearchPattern> | User search pattern typically used in Active Directory configurations as an alternate to |
<passwordAttribute> | The attribute of the user object (objectClass) that contains the password to be verified against. For example, |
For example:
authentication.method=LDAP
ldap.url=ldap://localhost:6389
ldap.adminDN=CN=admin2999,CN=Roles,OU=app1,DC=contoso,DC=local
ldap.adminPassword=92#$Zg!5r
ldap.baseDN=OU=app1,DC=contoso,DC=local
ldap.userDNPattern=uid={0},OU=app1,DC=contoso,DC=local
ldap.userSearchPattern=(&(objectClass=user))
ldap.passwordAttribute=userPassword
You must specify at least one of ldap.userDNPattern or ldap.userSearchPattern. If you specify both, Cloud Cruiser will first attempt to match against ldap.userDNPattern. If no match is found, Cloud Cruiser will then try to match against ldap.userSearchPattern.
ldap.baseDN is optional. If present, it will be combined with ldap.userDNPattern and ldap.userSearchPattern when matching users.
Cloud Cruiser SSO configurations utilize http headers. The syntax of the security.properties file for SSO is:
authentication.method=SSO sso.username.header=<usernameHeaderName> sso.enablement.header=<enablementHeaderName> sso.enablement.value=<enablementValue> sso.logout.url=<logoutURL> sso.create.unrecognized.users=<createUsersFlag>
The properties referenced by this syntax are:
|
| Name of the HTTP header that will contain the username. This property is required. |
|
| Name of the HTTP header that specifies whether the user is enabled. This property is optional. If not defined, the user is always considered enabled. |
|
| The value of the If specified, the user will be considered enabled only if the value specified matches the value of |
<logoutURL> | If specified, the application will redirect to this URL when the user logs out. This property is optional. |
|
| If this value is "true," unrecognized users (users who have not logged into Cloud Cruiser) will be created with default values. If the value is "false," unrecognized users will not be permitted to login. The default value is "false." This property is optional. |
The following video shows how to configure Cloud Cruiser for SSO authentication: