SSO with Microsoft Active Directory, presented by: Craig Larrabee (August 25, 2015)
April 19, 2023 1
SSO with Microsoft Active Directory
Presented by: Craig Larrabee
• This will allow CenterView to determine which user has signed into an Active Directory domain and, based on that user, get the groups that user is a member of, based on the existing Active Directory Authentication plugin.
Server Setup
• Perform on the server
  – Drop jcifs-1.2.22.jar into <CenterView Install>/Server/corda/WEB-INF/lib/
Server Setup
• Perform on the server
  – Add the <filter> contents of AD_SSO_Filter.txt to the beginning of the filter section of <CenterView Install>/Server/corda/WEB-INF/web.xml
  – Add the <filter-mapping> contents of AD_SSO_Filter.txt to the beginning of the filter mapping section of <CenterView Install>/Server/corda/WEB-INF/web.xml
Server Setup
• Perform on the server
  – Set the Domain controller address, Domain Name, Username and Password (same as Bind User and Password in AD Auth Plugin)
    • jcifs.http.domainController: enter the DNS or IP address of the LDAP Server (e.g. 10.10.1.110, or server.domain.com)
    • jcifs.smb.client.domain: enter the domain of the server you are authenticating against (e.g. corda.com)
    • jcifs.smb.client.username: enter an app account without the domain name (e.g. binduser NOT [email protected])
    • jcifs.smb.client.password: the app account’s password
Server Setup
• Perform on the server
  – Optional parameter for enabling logging
    • jcifs.util.loglevel: 0 = off to 10 = verbose, default = 1

<init-param>
  <param-name>jcifs.util.loglevel</param-name>
  <param-value>3</param-value>
</init-param>

Information is sent to the standard CenterView logs
Server Setup
• Perform on the server
  – Modify the authenticate method of <CenterView Install>/Server/plugins/src/examples/auth/activedirectory/ADAuthPlugin.java to use request.getRemoteUser() as the userName (compare the included ADAuthPlugin.java with the one installed with CenterView)
  – Build the Auth Plugin and put the class file in the correct directory

NOTE: I suggest creating a new auth plugin and copying the existing ADAuthPlugin source rather than just modifying the existing one.
Web Browser
• Perform the steps in the following slides in the browser
Add the URL to the Local Intranet Zone in Internet Explorer
Add the URL to the network.automatic-ntlm-auth.trusted-uris in Firefox