Comment: Published by Scroll Versions from space DEV and version r0681

...

  1. D s config

  2. The following settings do not apply to this method of SSO integration. However:

    Info

    NOTE: If you are switching from the reverse proxy method to this method, verify that these settings are set to the values listed under New Value.

    Setting: "webapp.sso.enable"
    Description: Enables use of reverse proxy SSO by the platform.
    New Value: If changing SSO methods, set this value to false.

    Setting: "webapp.sso.disableAuthGateway"
    Description: When set to true, the reverse proxy server is disabled.
    New Value: If changing SSO methods, set this value to true.

    Setting: "webapp.sso.enableAutoRegistration"
    Description: Enables users to auto-register an account with the platform when they connect to the login page.
    New Value: To enable automatic access for SSO-authenticated users, set this value to true. To require administrator provisioning of user accounts, set this value to false. For more information, see Manage Users under SSO.
  3. Enable LDAP for the platform:

    Setting: "webapp.ldap.enabled"
    Description: Set this value to true to enable LDAP for the platform.

  4. Configure location and properties of the enterprise LDAP server:

    Setting: "webapp.ldap.server.url"
    Description: The URL of the LDAP server.

    Setting: "webapp.ldap.server.searchFilter"
    Description: The search filter to use when querying the LDAP server for users. Default value is:

    Code Block
    (uid={{username}})

    Setting: "webapp.ldap.server.searchBase"
    Description: The starting point on the LDAP server to begin the search for users.

    Info

    NOTE: This value must be populated.

    Example value:

    Code Block
    dc=example,dc=org

    Setting: "webapp.ldap.server.searchAttributes"
    Description: Array of attributes to retrieve from the LDAP server for a user. Modify this value only if your identity provider is sending different attributes.

    Setting: "webapp.ldap.server.internalCACertificatePath"
    Description: Path to the CA certificate to use when connecting to the LDAP server over ldaps://.

    Setting: "webapp.ldap.server.bindDN"
    Description: The distinguished name used to bind to the LDAP directory.

    Info

    NOTE: By default, the platform uses the admin credentials listed here to perform the initial bind to the active directory. If each user's account is configured to be able to browse directory objects, you can configure the platform to use the individual accounts to perform the full authentication. See "Enable initial bind as user" below.

    Example value:

    Code Block
    cn=admin,dc=example,dc=org

    Setting: "webapp.ldap.server.bindCredentials"
    Description: Password for simple authentication to the LDAP server.

  5. Configure the LDAP property mappings:

    Setting: "webapp.ldap.mapping.ssoPrincipal"
    Description: LDAP user property defining a user's ssoPrincipal.
    LDAP Property: uid

    Setting: "webapp.ldap.mapping.name"
    Description: LDAP user property defining a user's name.
    LDAP Property: cn

    Setting: "webapp.ldap.mapping.hadoopPrincipal"
    Description: LDAP user property defining a user's hadoopPrincipal.

    Info

    NOTE: This value must be a case-sensitive match to the value of the LDAP attribute.

    LDAP Property: uid

    Setting: "webapp.ldap.mapping.email"
    Description: LDAP user property defining a user's email.
    LDAP Property: mail
  6. Save the file.
  7. Restart the platform.
  8. Test authentication.

Use SSL for Native SSO Auth

To enforce SSL connections to the platform, you can create and install an SSL certificate. This certificate is also used when platform-native LDAP integration is enabled. For more information, see Install SSL Certificate.

Listening Port

Defaults:

  • If enabled, SSL utilizes port number 443.
  • By default, the platform is configured to use 3005.

If needed, you can change the listening port for the platform to match the port required for your deployment. For more information, see Change Listening Port.

Enable initial bind as user

By default, the platform utilizes a two-tiered mechanism for binding credentials to the LDAP server.

  • The initial bind performs a Distinguished Name (DN) lookup using an admin account that you specify in the following parameters:

    Code Block
    "webapp.ldap.server.bindDN"
    "webapp.ldap.server.bindCredentials"
  • The secondary bind uses the user's credentials.

Optionally, the platform can be configured to send the user's credentials for the initial bind to the active directory.

Info

NOTE: Each user's credentials must be configured to be able to browse directory objects.

To enable initial binding using the user's credentials, please set the following configuration flag.

Steps:

  1. D s config
  2. Locate the following parameter (shown here before the change) and set its value to true:

    Code Block
    "webapp.ldap.server.initialBindAsUser.enabled": false,
  3. In the following parameter, add the distinguished name pattern to use to complete the bind. Example:

    Code Block
    "webapp.ldap.server.initialBindAsUser.bindDnPattern": "uid={{username}},dc=example,dc=org",
  4. Save your changes and restart the platform.
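The following Python is an added illustration, not the platform's own code: it models the two bind flows this page describes (the default admin bind followed by a DN lookup through "webapp.ldap.server.searchFilter", and the "initialBindAsUser" flow that binds directly with the "bindDnPattern" DN) against a small constructed in-memory directory using the example values from this page. The RFC 4515 filter escaping and RFC 4514 DN escaping of the substituted {{username}} are this example's own addition, so that a username containing filter or DN metacharacters cannot change the meaning of the rendered filter or DN.

```python
import re

# Constructed sample directory standing in for the LDAP server: DN -> (attributes, password).
DIRECTORY = {
    "cn=admin,dc=example,dc=org": ({"cn": "admin"}, "admin-secret"),
    "uid=alice,dc=example,dc=org": ({"uid": "alice", "cn": "Alice"}, "wonderland"),
}
# Settings and example values as given on this page.
CONFIG = {
    "webapp.ldap.server.searchFilter": "(uid={{username}})",
    "webapp.ldap.server.searchBase": "dc=example,dc=org",
    "webapp.ldap.server.bindDN": "cn=admin,dc=example,dc=org",
    "webapp.ldap.server.bindCredentials": "admin-secret",
    "webapp.ldap.server.initialBindAsUser.bindDnPattern": "uid={{username}},dc=example,dc=org",
}

def escape_filter(value):
    # RFC 4515 escaping (this example's addition): filter metacharacters in a username stay literal.
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)
def escape_dn(value):
    # RFC 4514 escaping (this example's addition) for an attribute value placed inside a DN.
    return re.sub(r'[,+"\\<>;=]', lambda m: "\\" + m.group(0), value)
def render(template, username, escape):
    # Substitute the {{username}} placeholder used by searchFilter and bindDnPattern.
    return template.replace("{{username}}", escape(username))
def bind(dn, password):
    # Simple bind: succeeds only if the DN exists and the password matches.
    entry = DIRECTORY.get(dn)
    return entry is not None and entry[1] == password

def search_dn(base, ldap_filter):
    # Toy matcher for the single-equality filter shape of the default setting: an unescaped '*'
    # is a wildcard, as on a real server, while '\xx' escapes are decoded back to literal text.
    attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    unhex = lambda p: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), p)
    pattern = ".*".join(re.escape(unhex(p)) for p in raw.split("*"))
    for dn, (attrs, _) in DIRECTORY.items():
        if dn.endswith(base) and attr in attrs and re.fullmatch(pattern, attrs[attr]):
            return dn
    return None

def authenticate(username, password, bind_as_user=False):
    # bind_as_user=True models "webapp.ldap.server.initialBindAsUser.enabled": true.
    if bind_as_user:
        return bind(render(CONFIG["webapp.ldap.server.initialBindAsUser.bindDnPattern"], username, escape_dn), password)
    # Default two-tier flow: admin bind, DN lookup through the search filter, then bind as the user.
    if not bind(CONFIG["webapp.ldap.server.bindDN"], CONFIG["webapp.ldap.server.bindCredentials"]):
        return False
    user_dn = search_dn(CONFIG["webapp.ldap.server.searchBase"],
                        render(CONFIG["webapp.ldap.server.searchFilter"], username, escape_filter))
    return user_dn is not None and bind(user_dn, password)
```

With escaping in place, a username of "*" renders to "(uid=\2a)" and matches nobody, whereas the raw filter "(uid=*)" would match every user under the search base.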

Configure for Apache Reverse Proxy

...