April 19, 2023 1
SSO with Microsoft Active Directory
Presented by: Craig Larrabee
• This allows CenterView to determine which user has signed in to an Active Directory domain and, for that user, to retrieve the groups the user is a member of through the existing Active Directory Authentication plugin.
Server Setup
• Perform on the server
  – Drop jcifs-1.2.22.jar into <CenterView Install>/Server/corda/WEB-INF/lib/
Server Setup
• Perform on the server
  – Add the <filter> contents of AD_SSO_Filter.txt to the beginning of the filter section of <CenterView Install>/Server/corda/WEB-INF/web.xml
  – Add the <filter mapping> contents of AD_SSO_Filter.txt to the beginning of the filter mapping section of <CenterView Install>/Server/corda/WEB-INF/web.xml
Server Setup
• Perform on the server
  – Set the Domain controller address, Domain Name, Username and Password (same as Bind User and Password in AD Auth Plugin)
• jcifs.http.domainController: enter the DNS name or IP address of the LDAP Server (e.g. 10.10.1.110, or server.domain.com)
• jcifs.smb.client.domain: enter the domain of the server you are authenticating against (e.g. corda.com)
• jcifs.smb.client.username: enter an app account without the domain name (e.g. binduser NOT [email protected])
• jcifs.smb.client.password: the app account's password
Server Setup
• Perform on the server
  – Optional parameter for enabling logging
  – jcifs.util.loglevel: 0=off, 10=verbose, default=1

<init-param>
  <param-name>jcifs.util.loglevel</param-name>
  <param-value>3</param-value>
</init-param>

Information is sent to the standard CenterView logs
Server Setup
• Perform on the server
  – Modify the authenticate method of <CenterView install>/Server/plugins/src/examples/auth/activedirectory/ADAuthPlugin.java to use request.getRemoteUser() as the userName (compare the included ADAuthPlugin.java with the one installed with CenterView)
  – Build the Auth Plugin and put the class file in the correct directory
NOTE: I suggest creating a new auth plugin and copying the existing ADAuthPlugin source rather than just modifying the existing one.
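
A check of the web.xml edits from the Server Setup slides, as an added example (not part of the original deck or of CenterView). It assumes the filter class is jCIFS's jcifs.http.NtlmHttpFilter; the filter name AdSso, the CHANGE_ME password and the sample web.xml are constructed placeholders, since the contents of AD_SSO_Filter.txt are not shown here.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("jcifs.http.domainController", "jcifs.smb.client.domain",
            "jcifs.smb.client.username", "jcifs.smb.client.password")
PARAM = "<init-param><param-name>%s</param-name><param-value>%s</param-value></init-param>"

def sample_web_xml(username="binduser", loglevel="3"):
    """Constructed web.xml; the filter name 'AdSso' and all values are placeholders."""
    values = ("10.10.1.110", "corda.com", username, "CHANGE_ME")
    params = "".join(PARAM % nv for nv in zip(REQUIRED, values))
    params += PARAM % ("jcifs.util.loglevel", loglevel)
    return ("<web-app><filter><filter-name>AdSso</filter-name>"
            "<filter-class>jcifs.http.NtlmHttpFilter</filter-class>" + params +
            "</filter><filter-mapping><filter-name>AdSso</filter-name>"
            "<url-pattern>/*</url-pattern></filter-mapping></web-app>")

def _children(node, name):
    # Compare local names so a namespaced web.xml is handled too.
    return [c for c in node if c.tag.rsplit("}", 1)[-1] == name]

def _text(node, name):
    found = _children(node, name)
    return (found[0].text or "").strip() if found else ""

def check_sso_filter(web_xml):
    """Return a list of problems with the jCIFS filter setup ([] means none found)."""
    root = ET.fromstring(web_xml)
    filters, mappings = _children(root, "filter"), _children(root, "filter-mapping")
    sso = [f for f in filters if _text(f, "filter-class").startswith("jcifs.http.")]
    if not sso:
        return ["no jcifs.http filter declared"]
    problems = []
    if filters[0] is not sso[0]:
        problems.append("jcifs filter is not first in the filter section")
    first_map = _text(mappings[0], "filter-name") if mappings else ""
    if first_map != _text(sso[0], "filter-name"):
        problems.append("jcifs filter-mapping is not first in the mapping section")
    params = {_text(p, "param-name"): _text(p, "param-value")
              for p in _children(sso[0], "init-param")}
    problems += ["missing " + key for key in REQUIRED if not params.get(key)]
    user = params.get("jcifs.smb.client.username", "")
    if "@" in user or "\\" in user:
        problems.append("username must not include the domain")
    level = params.get("jcifs.util.loglevel", "1")  # 1 is the default given above
    if not (level.isdigit() and int(level) <= 10):
        problems.append("jcifs.util.loglevel must be 0-10")
    return problems
```

Pass the text of <CenterView Install>/Server/corda/WEB-INF/web.xml to check_sso_filter(); an empty list means the filter, its mapping and the four required parameters are in the positions the slides call for.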
Web Browser
• Perform the steps in the following slides in the browser
Add the URL to the Local Intranet Zone in Internet Explorer
Add the URL to the network.automatic-ntlm-auth.trusted-uris preference in Firefox