Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. D s config
    methoda

  2. The following settings do not apply to this method of SSO integration. However:

    Info

    NOTE: If you are switching from the reverse proxy method to this method, please verify that these settings are set to the values listed in the New Value column.


    SettingDescriptionNew Value
    "webapp.sso.enable"

    Enables use of reverse proxy SSO by the

    D s webapp
    .

    If changing SSO methods, set this value to false.
    "webapp.sso.disableAuthGateway"When set to true, the reverse proxy server is disabled.If changing SSO methods, set this value to true.
    "webapp.sso.enableAutoRegistration"Enables users to auto-register an account with the platform when they connect to the login page.To enable automatic access with SSO-authenticated users, set this value to true. To require administrator provisioning of user accounts, set this value to false. For more information, see Manage Users under SSO.


  3. Enable LDAP for the platform:

    D s triconf
    setting

    Description

    "webapp.ldap.enabled"

    Set this value to true to enable LDAP for the

    D s webapp
    .


  4. Configure location and properties of the enterprise LDAP server:

    D s triconf
    setting

    Description

    "webapp.ldap.server.url"

    The URL of the LDAP server

    "webapp.ldap.server.searchFilter"

    The search filter to use when querying the LDAP server for users. Default value is:

    Code Block
    (uid={{username}})

     

     

    "webapp.ldap.server.searchBase"

    The starting point on the LDAP server to begin the search for users.

    Example value:

    Code Block
    dc=example,dc=org


    "webapp.ldap.server.searchAttributes"

    Array of attributes to retrieve from the LDAP server for a user. Modify this value only if your identity provider is sending different attributes.

    "webapp.ldap.server.internalCACertificatePath"

    Path to the CA certificate to use when connecting to the LDAP server over ldaps://.

    "webapp.ldap.server.bindDN"

    The distinguished name used to bind to the LDAP directory.

    Example value:

    Code Block
    cn=admin,dc=example,dc=org


    "webapp.ldap.server.bindCredentials"

    Password for simple authentication to the LDAP server.


  5. Configure the LDAP property mappings:

    D s triconf
    setting

    DescriptionLDAP Property

    "webapp.ldap.mapping.ssoPrincipal"

    LDAP user property defining a user's ssoPrincipal.

    uid

    "webapp.ldap.mapping.name"

    LDAP user property defining a user's name.

    cn

    "webapp.ldap.mapping.hadoopPrincipal"

    LDAP user property defining a user's hadoopPrincipal.

    Info

    NOTE: Please enter this value in lowercase. This is a known issueThis value must be a case-sensitive match to the value of the LDAP attribute.


    uid

    "webapp.ldap.mapping.email"

    LDAP user property defining a user's email.

    mail


  6. Save the file.
  7. Restart the platform.
  8. Test authentication.

...