Active Directory

Topics related to the integration of LSPS with external systems.
randy.adkins
 
Posts: 38
Joined: Tue Mar 06, 2012 4:17 pm

Active Directory

Mon Jun 11, 2012 6:57 pm

Are there instructions for using Active Directory for security of the LSPS 2.5.1 application, management console?

Rastislav Cesnek
 
Posts: 4
Joined: Tue Jun 05, 2012 10:15 am

Re: Active Directory

Tue Jun 26, 2012 8:17 pm

Hi.

There is no "straightforward" way to use Active Directory.

Roughly, this would be a two-step process:
    1) By default, LSPS uses a login module for the security realm which authenticates users against the internal database. To use Active Directory, a respective login module would have to be used (either provided by the Application Server vendor or custom developed) and the deployment descriptors in the EAR would have to be adjusted.

    2) As a second step, the internal implementation of SecurityManagerService in LSPS would need to be swapped with an implementation resolving the user roles and rights against the data in Active Directory.

There are a few other points, such as the internal principals used for process execution, which must remain available with appropriate roles/rights for the execution engine to work correctly.

Maros Bajtos
 
Posts: 145
Joined: Mon Feb 27, 2012 2:52 pm

Re: Active Directory

Wed Jun 27, 2012 8:54 am

However, the previous post is valid only for 2.6+, since 2.5.1 doesn't support custom user management. With 2.5.1, the only option is to create a login module which authenticates the user against Active Directory and creates the user in the LSPS database on the first login. This login module might also consider synchronizing the role information defined in Active Directory with the LSPS roles assigned to the user.

randy.adkins
 
Posts: 38
Joined: Tue Mar 06, 2012 4:17 pm

Re: Active Directory

Mon Jul 16, 2012 9:41 pm

We were able to implement the login module provided. How could we restrict the authenticated users to an LSPS_Console group and not those in WL_Console group?

Should we use the deployment descriptor, custom code or is there a way within the security provider?

Maros Bajtos
 
Posts: 145
Joined: Mon Feb 27, 2012 2:52 pm

Re: Active Directory

Tue Jul 17, 2012 9:08 am

This should be in the logic of your custom login module. If the user doesn't belong to the required group, just don't authenticate him.
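
An added example, not posted in this thread and not the login module the posters used: a JAAS login module that binds to Active Directory with the user's credentials and refuses the login unless the account is a direct member of one required group, so a user who is only in WL_Console is rejected. The class name, the option names (`url`, `domain`, `baseDn`, `requiredGroupDn`) and the UPN-style bind are assumptions; `memberOf` lists direct memberships only, so nested groups are not resolved.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Added illustration: class name and option names are assumptions, not LSPS or WebLogic code.
public class AdGroupLoginModule implements LoginModule {
    private CallbackHandler handler;
    private Map<String, ?> opts;
    private boolean ok;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) { handler = h; opts = options; }

    public boolean login() throws LoginException {
        ok = false;
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("cannot read credentials"); }
        String user = nc.getName();
        char[] pw = pc.getPassword();
        // An empty password turns an LDAP simple bind into an unauthenticated bind that can succeed: reject it.
        if (user == null || user.isEmpty() || pw == null || pw.length == 0) throw new FailedLoginException();
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, opts.get("url"));          // use ldaps:// so the password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + opts.get("domain"));
        env.put(Context.SECURITY_CREDENTIALS, new String(pw));
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);                    // throws if the credentials are wrong
            SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, new String[] { "memberOf" }, false, false);
            // {0} is escaped by JNDI, so the user name cannot change the filter.
            NamingEnumeration<SearchResult> r = ctx.search((String) opts.get("baseDn"),
                    "(&(objectClass=user)(sAMAccountName={0}))", new Object[] { user }, sc);
            Attribute groups = r.hasMore() ? r.next().getAttributes().get("memberOf") : null;
            String required = (String) opts.get("requiredGroupDn");   // full DN of the LSPS_Console group
            for (int i = 0; groups != null && i < groups.size() && !ok; i++)
                ok = ((String) groups.get(i)).equalsIgnoreCase(required);   // a missing option matches nothing
        } catch (NamingException e) { throw new FailedLoginException("directory bind or lookup failed"); }
        finally { try { if (ctx != null) ctx.close(); } catch (NamingException ignored) { } }
        if (!ok) throw new FailedLoginException("not a member of the required group");
        return true;
    }
    public boolean commit() { return ok; }   // container-specific principals would be added to the Subject here
    public boolean abort()  { ok = false; return true; }
    public boolean logout() { ok = false; return true; }
}
```

Every failure path (bad bind, user not found, group missing, lookup error) ends in `FailedLoginException`, so the module fails closed.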
