Configuring AuthLink Authentication
When using AuthLink authentication, you need to prepare your server environment to include authentication properties and secured connections.
Important
If you have an on-premises installation, verify that the Authentication Link application has been set up correctly. For details, see the section Custom Authentication Setup in the JIS On-Premises Installation Guide.
Contact Uniphore Support (support@uniphore.com) for assistance in configuration, if needed.
To use AuthLink authentication, customers with cloud accounts (i.e., not an on-premises installation of X‑Platform) need one dedicated local Tomcat server to run the authlink.war (a file provided by Uniphore). This server, called the authlink server, must:
be able to connect to your authentication server, and
be exposed to Uniphore's X‑Platform, i.e., the servers need to be able to reach it via HTTP or HTTPS (recommended).
Cloud setup for AuthLink authentication includes the following steps:
Set up the authlink.war on your local server.
Configure the properties in the authentication.properties file (explained in the section below).
In the X-Console, configure the settings of the relevant application(s) to use the authlink for authentication by providing the public URL of your authlink server. For more details, refer to Configuring Application Settings.
Configuring AuthLink Properties for LDAP
Tip
X‑Platform also enables direct LDAP authentication, without using AuthLink. For more information, see Configuring LDAP Authentication.
The authentication.properties file is a configuration file for LDAP server settings. This file is provided with X‑Platform out-of-the-box as part of the distribution package.
Properties related to LDAP server settings are listed in the following table. Each property needs to be configured according to your LDAP settings and directory structure.
Some of the properties map between your User groups and X‑Platform Roles. For details about the different roles and associated privileges, refer to Roles and Permissions.
Property | Description | Example |
---|---|---|
ldap.url | The URL for the LDAP server. It may be separated to host, port, and schema. | ldap://10.90.17.46:389 |
ldap.base | The LDAP root from which all searches are started. | dc=devdomain,dc=develop,dc=com |
ldap.user | The full DN of the Admin user used for LDAP connectivity. This user is never exposed to the X‑Platform Server. | cn=interact,cn=Users,dc=devdomain,dc=develop,dc=com |
ldap.password | Password of the Admin user. When the application starts, the value of this property is encrypted by the server. The password is thus never exposed to the X‑Platform Server. | |
ldap.password.encrypted | This flag specifies whether the ldap.password is clear text or encrypted. Initially the value should be false. When the application starts, the server encrypts the value of ldap.password and saves the encrypted value back to the properties file. The value of the ldap.password.encrypted property is then set to true. For details about how to change the password, refer to the procedure below the table. | |
ldap.user.loginAttribute | The attribute used to bind users during authentication. To allow users to log in with different attributes, specify a comma-separated list of values. | uid, sAMAccountName |
ldap.user.objectClass | Name of the object class that identifies a user. | person |
ldap.user.memberOf.attribute | This property is used to identify group memberships of users. | memberOf |
ldap.group.name.attribute | Identifies a group name. | cn |
ldap.group.memberOf.attribute | The attribute used to identify group memberships of groups (nested groups). | memberOf |
ldap.group.search.depth | Defines the number of levels (up the group hierarchy) that are searched when a search for group membership is done. When the value is set to 0, the search is done only on the groups to which the user directly belongs. | 3 |
ldap.admin.groups | A comma separated list of Admin group names. Users belonging to any of these groups will have Account Admin privileges in the X-Console. | Administrators.group2,group3 |
ldap.sysadmin.groups | A comma separated list of System Admin group names. Users belonging to any of these groups will have System Admin privileges in the X-Console. | sysadmin.group1 |
ldap.agent.groups | A comma separated list of Agent group names. Users belonging to any of these groups will have Agent privileges in the X-Console. | Agents.group4 |
ldap.intadmin.groups | A comma separated list of Interaction Admin group names. Users belonging to any of these groups will have Interaction Admin privileges in the X-Console. | Agents.group5 |
ldap.designer.groups | A comma separated list of Designer group names. Users belonging to any of these groups will have Designer privileges in the X-Console. | Designers.group6 |
token.timeout | The time period (in minutes) for which the access token provided by the Authentication Link server is valid. | |
The following example shows sample content of the authentication.properties file (note the Java properties escaping of `=` and `:` inside values):

```properties
#LDAP Properties
#Tue Mar 08 10:43:29 EST 2016
ldap.admin.groups=Administrators
ldap.group.search.depth=3
ldap.user=cn\=interact, cn\=Users,dc\=devdomain,dc\=develop,dc\=com
ldap.agent.groups=Administrators
ldap.user.loginAttribute=cn,uid,sAMAccountName
ldap.user.memberOf.attribute=memberOf
ldap.group.name.attribute=cn
ldap.sysadmin.groups=Administrators
ldap.intadmin.groups=Administrators
ldap.password.encrypted=true
ldap.user.objectClass=person
ldap.password=Hca72ROiW_RCA0itgXlKkg
ldap.group.memberOf.attribute=memberOf
ldap.base=dc\=devdomain,dc\=develop,dc\=com
ldap.url=ldap\://10.90.17.46\:389
ldap.designer.groups=Administrators
#Token Service Properties
#Tue Mar 08 10:43:29 EST 2016
token.timeout=600
```
Changing a Password
Set the ldap.password.encrypted property to false.
Set the ldap.password property to the value of the new password (in clear text).
Restart the server. The application encrypts the new password and writes the encrypted value back to the properties file, setting ldap.password.encrypted to true.
Using an SSL Connection
X‑Platform supports an SSL connection to the LDAP server, using ldaps.
Set the ldap.url property to use the ldaps scheme. For example:
ldap.url = ldaps://10.90.17.46:636
Export the LDAP server certificate, and import it into the trust store of the JVM that runs your Tomcat.
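The following Python script is an added example, not code from Uniphore or the X‑Platform distribution. It reads an authentication.properties file in the format shown above, resolves nested group membership up to ldap.group.search.depth as the property table describes, maps the result to X-Console roles from the ldap.*.groups lists, and flags the two settings this page treats as sensitive: a clear-text ldap.password left with ldap.password.encrypted=false, and an ldap.url that does not use ldaps. The sample file contents, group hierarchy and role names used here are constructed for the example.

```python
"""Added example (not Uniphore code): read authentication.properties, resolve nested
groups to ldap.group.search.depth, map them to X-Console roles, flag weak settings."""
import re
from urllib.parse import urlsplit

# Constructed sample in Java .properties syntax, with the \= and \: escapes
# seen in the file on disk; the values and groups are made up for this example.
SAMPLE = r"""#LDAP Properties
ldap.url=ldaps\://10.90.17.46\:636
ldap.base=dc\=devdomain,dc\=develop,dc\=com
ldap.password.encrypted=false
ldap.password=ChangeMe
ldap.group.search.depth=1
ldap.admin.groups=Administrators,group2
ldap.agent.groups=Agents
token.timeout=600
"""
# Constructed group hierarchy: each group's own memberOf values (group -> parents).
GROUP_PARENTS = {"helpdesk": ["Agents"], "Agents": ["group2"], "group2": ["Administrators"]}
ROLE_KEYS = {"ldap.sysadmin.groups": "System Admin", "ldap.admin.groups": "Account Admin",
             "ldap.intadmin.groups": "Interaction Admin", "ldap.designer.groups": "Designer",
             "ldap.agent.groups": "Agent"}

def parse_properties(text):
    """Minimal .properties reader: skip comments, split on the first unescaped '='
    and strip backslash escapes from the value."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*((?:\\.|[^=])+?)\s*=\s*(.*)", line)
        if m and not line.lstrip().startswith(("#", "!")):
            props[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2).strip())
    return props

def effective_groups(direct_groups, depth):
    """Walk 'depth' levels up the hierarchy (ldap.group.search.depth); depth 0
    returns only the groups the user belongs to directly."""
    seen = frontier = set(direct_groups)
    for _ in range(depth):
        frontier = {p for g in frontier for p in GROUP_PARENTS.get(g, [])} - seen
        seen = seen | frontier
    return seen

def roles_for(direct_groups, props):
    """X-Console roles granted by any effective group listed in ldap.*.groups."""
    groups = effective_groups(direct_groups, int(props.get("ldap.group.search.depth", 0)))
    return sorted(role for key, role in ROLE_KEYS.items()
                  if groups & {g.strip() for g in props.get(key, "").split(",")})

def config_findings(props):
    """Defender-side checks from the page's guidance on ldaps and password encryption."""
    findings = []
    if urlsplit(props.get("ldap.url", "")).scheme != "ldaps":
        findings.append("ldap.url is not ldaps: bind credentials and queries travel in clear text")
    if props.get("ldap.password") and props.get("ldap.password.encrypted") != "true":
        findings.append("ldap.password is clear text; restart the server so it is encrypted")
    return findings
```

Run it against your own file with `parse_properties(open("authentication.properties").read())`; a real deployment would take the user's and groups' memberOf values from the directory instead of the constructed GROUP_PARENTS table.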