This section describes how to use Active Directory for authenticating users with the LDAP server, and SiteMinder SSO for validating users' authentication.
XpoLog's integration with SiteMinder supports a scenario in which SiteMinder web agents sit in front of XpoLog. Users log in directly against SiteMinder and are then redirected to XpoLog. XpoLog validates the user's authentication and retrieves the information passed by SiteMinder.

The SiteMinder settings include:

...

  • General
    • Initial context factory
    • Provider URL – the connection URL to the LDAP server (you can use several URLs to multiple LDAP servers separated by a space).
  • Manager Settings (optional)
    • Manager Path – the manager DN for searching users
    • Manager password – the manager’s password
  • Search Settings
    • Root path – the path for starting to search users.
    • Search filter – how to search the users in the LDAP directory; the {0} is replaced with username.
    • User path – full path of the user DN; the {0} is replaced with username. For example: uid={0},ou=people,cn=xplg
    • Unique id attribute – optional; which attribute of the user will be provided as the unique id of the user.
    • Display name attribute – optional; which attribute of the user will be provided as the display name of the user.
  • Further Settings
    • Group id pattern
    • Groups attribute

To configure Active Directory authentication:

  1. In Provider URL, type the URL of the Active Directory server – ldap://ACTIVEDIRECTORYSERVER:389/.
  2. In Search Filter, type sAMAccountName={0}; {0} is replaced with the username.
  3. In User path, type USER_DOMAIN\{0}, where USER_DOMAIN is the domain of your users.
  4. In Unique id attribute, type sAMAccountName.
  5. In Display name attribute, type displayName.
  6. In Groups attribute, type memberOf.
  7. Click save.
    The LDAP configuration is saved. 

 

 

  • Siteminder Configuration: click the Siteminder Configuration link to configure it:
    • To set more than one header key for retrieving the authenticated user's information, use ‘,’ as a separator between parameters. For example: HTTP_SM_USER, HTTP_UID – in this case XpoLog will look for the user first in the HTTP_SM_USER header key, and then, if not found, in the HTTP_UID header key.
      You may use as many keys as you wish.
    • Save the Siteminder configuration, and save the general settings configuration. XpoLog will then associate users in XpoLog according to SiteMinder’s authentication.
    • User header key - key used by SiteMinder on authenticated users when the information can be retrieved from the HTTP header (comma separated list; for example: HTTP_SM_USER, HTTP_UID).
      XpoLog uses the header key(s) to validate the user's authentication and to retrieve information regarding the user. If more than one key is provided, XpoLog tries the keys one by one to retrieve the information.
    • Client cookie name - cookie name used by SiteMinder on authenticated users when the information can be retrieved from a cookie (for example: SMSESSION).
      XpoLog uses the cookie name to validate the user's authentication and to retrieve information regarding the user.
    • Protected URLs - a list of the protected SiteMinder web agent URLs from which XpoLog will allow authentication (comma separated list, wildcards supported).
    • Group header key - key used by SiteMinder to retrieve, from the HTTP header, information regarding the authenticated user's group(s).
      XpoLog uses the header key(s) to retrieve information regarding the user's group(s). If more than one key is provided, XpoLog tries the keys one by one to retrieve the information.
    • Group id pattern - used if a specific value should be retrieved from the authenticated user's group.
    • User HTTP request key - key used by SiteMinder on authenticated users when the information can be retrieved directly from the HTTP request (comma separated list; for example: HTTP_SM_USER, HTTP_UID).
      XpoLog uses the request key(s) to validate the user's authentication and to retrieve information regarding the user. If more than one key is provided, XpoLog tries the keys one by one to retrieve the information.


      Click save. The SiteMinder configuration is saved.
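
The key-by-key lookup and the Protected URLs allowlist described above, as an added Python example that is not XpoLog's code. The setting values, the group key name HTTP_SM_GROUPS, the example.test hosts and the `agent_url` argument are assumptions; the page does not say how XpoLog matches Protected URLs, so shell-style wildcards are used here.

```python
from fnmatch import fnmatchcase

# Constructed settings, written the way the page shows them (comma separated).
USER_HEADER_KEYS = "HTTP_SM_USER, HTTP_UID"
GROUP_HEADER_KEYS = "HTTP_SM_GROUPS"  # hypothetical key name
PROTECTED_URLS = ("https://sso-agent1.example.test/*, "
                  "https://sso-agent2.example.test/*")


def split_setting(value):
    """Turn a comma separated setting into an ordered list without blanks."""
    return [item.strip() for item in value.split(",") if item.strip()]


def first_header(headers, keys):
    """Try the keys one by one; return (key, value) for the first non-empty one."""
    for key in keys:
        value = headers.get(key, "").strip()
        if value:
            return key, value
    return None, None


def resolve_identity(agent_url, headers):
    """Return (user, groups, key_used), or None when the request is rejected.

    agent_url is a hypothetical stand-in for whatever identifies the
    forwarding web agent; identity headers alone are never trusted,
    because any client that reaches the application directly can set them.
    """
    allowed = split_setting(PROTECTED_URLS)
    if not any(fnmatchcase(agent_url, pattern) for pattern in allowed):
        return None  # not from a protected web agent: ignore identity headers
    key, user = first_header(headers, split_setting(USER_HEADER_KEYS))
    if user is None:
        return None  # agent matched, but no configured user key was populated
    _, groups = first_header(headers, split_setting(GROUP_HEADER_KEYS))
    return user, groups, key
```

A request that does not come through a listed web agent is rejected before any header is read, which is why the Protected URLs list should be as narrow as the deployment allows.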