
SSO with Microsoft Active Directory Presented by: Craig Larrabee


Presentation Transcript


  1. SSO with Microsoft Active Directory Presented by: Craig Larrabee

  2. This will allow CenterView to determine which user has signed into an Active Directory Domain and, for that user, get the groups the user is a member of using the existing Active Directory Authentication plugin.

  3. Server Setup
     • Perform on the server
     • Drop jcifs-1.2.22.jar into <CenterView Install>/Server/corda/WEB-INF/lib/

  4. Server Setup
     • Perform on the server
     • Add the <filter> contents of AD_SSO_Filter.txt to the beginning of the filter section of <CenterView Install>/Server/corda/WEB-INF/web.xml
     • Add the <filter-mapping> contents of AD_SSO_Filter.txt to the beginning of the filter-mapping section of <CenterView Install>/Server/corda/WEB-INF/web.xml

  5. Server Setup
     • Perform on the server
     • Set the Domain controller address, Domain Name, Username and Password (same as Bind User and Password in AD Auth Plugin)
     • jcifs.http.domainController: enter the DNS or IP address of the LDAP Server (e.g. 10.10.1.110, or server.domain.com)
     • jcifs.smb.client.domain: enter the domain of the server you are authenticating against (e.g. corda.com)
     • jcifs.smb.client.username: enter an app account without the domain name (e.g. binduser NOT binduser@corda.com)
     • jcifs.smb.client.password: the app account's password

  6. Server Setup
     • Perform on the server
     • Optional parameter for enabling logging
     • jcifs.util.loglevel: 0 = off to 10 = verbose, default = 1

       <init-param>
         <param-name>jcifs.util.loglevel</param-name>
         <param-value>3</param-value>
       </init-param>

     • Information is sent to the standard CenterView logs

  7. Server Setup
     • Perform on the server
     • Modify the authenticate method of <CenterView install>/Server/plugins/src/examples/auth/activedirectory/ADAuthPlugin.java to use request.getRemoteUser() as the userName (compare the included ADAuthPlugin.java with the one installed with CenterView)
     • Build the Auth Plugin and put the class file in the correct directory
     NOTE: I suggest creating a new auth plugin and copying the existing ADAuthPlugin source rather than just modifying the existing one.

  8. Web Browser • Perform the steps in the following slides in the browser

  9. Add the URL to the Local Intranet Zone in Internet Explorer

  10. Add the URL to the network.automatic-ntlm-auth.trusted-uris preference in Firefox
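
The web.xml entries described in slides 4 to 6, assembled into one fragment. This is an added example, not the contents of AD_SSO_Filter.txt: the filter name, the /* URL pattern and the password placeholder are assumptions, and the addresses and account name are the sample values from slide 5.

```xml
<!-- Constructed example: goes at the beginning of the filter section of
     <CenterView Install>/Server/corda/WEB-INF/web.xml -->
<filter>
  <!-- Assumed filter name; any label works if the mapping below matches it -->
  <filter-name>NtlmHttpFilter</filter-name>
  <!-- NTLM HTTP filter class shipped in the jcifs jar -->
  <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

  <!-- DNS name or IP address of the domain controller / LDAP server -->
  <init-param>
    <param-name>jcifs.http.domainController</param-name>
    <param-value>10.10.1.110</param-value>
  </init-param>

  <!-- Domain the server authenticates against -->
  <init-param>
    <param-name>jcifs.smb.client.domain</param-name>
    <param-value>corda.com</param-value>
  </init-param>

  <!-- App account WITHOUT the domain part (binduser, not binduser@corda.com) -->
  <init-param>
    <param-name>jcifs.smb.client.username</param-name>
    <param-value>binduser</param-value>
  </init-param>

  <!-- Placeholder value. web.xml holds this password in clear text, so use a
       dedicated low-privilege account and restrict read access to the file. -->
  <init-param>
    <param-name>jcifs.smb.client.password</param-name>
    <param-value>REPLACE_WITH_APP_ACCOUNT_PASSWORD</param-value>
  </init-param>

  <!-- Optional logging; output goes to the standard CenterView logs -->
  <init-param>
    <param-name>jcifs.util.loglevel</param-name>
    <param-value>3</param-value>
  </init-param>
</filter>

<!-- Constructed example: goes at the beginning of the filter-mapping section.
     The /* pattern is an assumption that every request should pass the filter. -->
<filter-mapping>
  <filter-name>NtlmHttpFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```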
