Configuring AuthLink Authentication

The following sections explain how to configure your environment to support AuthLink authentication. The process involves the following steps:

Configuring Authentication Properties

Configuring a Secured Connection

Note: Before performing the following procedures, verify that the Authentication Link application has been properly set up. For details, refer to the Jacada Interaction Server Installation Guide (Setting Up the Authentication Link).

Configuring Authentication Properties

The authentication.properties file is a configuration file for the LDAP server settings. This file is provided as part of the distribution package.

The properties related to LDAP server settings are listed in the following table. Each property needs to be configured according to your LDAP settings and directory structure.

| Property | Description/Notes | Example |
|---|---|---|
| ldap.url | The URL for the LDAP server. It can be split into scheme, host, and port. | ldap://10.90.17.46:389 |
| ldap.base | The LDAP root from which all searches are started. | dc=devdomain,dc=develop,dc=com |
| ldap.user | The full DN of the Admin user used for LDAP connectivity. This user is never exposed to the Interaction Server. | cn=interact,cn=Users,dc=devdomain,dc=develop,dc=com |
| ldap.password | Password of the Admin user. When the application starts, the value of this property is encrypted by the server. The password is thus never exposed to the Interaction Server. | |
| ldap.password.encrypted | This flag specifies whether the value of ldap.password is clear text or encrypted. Initially the value should be false. When the application starts, the server encrypts the value of ldap.password and saves the encrypted value back to the properties file. The value of the ldap.password.encrypted property is then set to true. For details about how to change the password, refer to the procedure below the table. | |
| ldap.user.loginAttribute | This property is used to bind users during authentication. To allow users to log in using different properties, a comma-separated list of values can be used. | uid, sAMAccountName |
| ldap.user.objectClass | Name of the object class that identifies a user. | person |
| ldap.user.memberOf.attribute | This property is used to identify group memberships of users. | memberOf |
| ldap.group.name.attribute | Identifies a group name. | cn |
| ldap.group.memberOf.attribute | This property is used to identify group memberships of groups. | memberOf |
| ldap.group.search.depth | Defines the number of levels (up the group hierarchy) that are searched when a search for group membership is done. When the value is set to 0, the search is done only on the groups to which the user directly belongs. | 3 |
| ldap.admin.groups | A comma-separated list of Admin group names. Users belonging to any of these groups will have Admin privileges in the Jacada Interaction Server Admin Console. (Admin privileges include the ability to inactivate other users and change a password on behalf of other users.) | administrators |
| token.timeout | The time period (in minutes) for which the access token provided by the Authentication Link server is valid. | |

The following example shows sample content of the authentication.properties file:

    #LDAP Properties
    #Wed Aug 14 12:20:27 IDT 2013
    ldap.user=cn\=interact, cn\=Users,dc\=devdomain,dc\=develop,dc\=com
    ldap.url=ldap\://10.90.17.46\:389
    ldap.password.encrypted=true
    ldap.base=dc\=devdomain,dc\=develop,dc\=com
    ldap.password=Hca72ROiW_RCA0itgXlKkg
    ldap.user.loginAttribute=cn,uid,sAMAccountName
    ldap.user.memberOf.attribute=memberOf
    ldap.user.objectClass=person
    ldap.group.search.depth=3
    ldap.group.memberOf.attribute=memberOf
    ldap.group.name.attribute=cn
    ldap.admin.groups=jasgroup,ofer_a1
    #Token Service Properties
    #Wed Aug 14 12:20:27 IDT 2013
    token.timeout=600

To change the password:

1. Set the ldap.password.encrypted property to false.

2. Set the ldap.password property to the value of the new password (in clear text).

3. Restart the server.

The application encrypts the new password, and writes the value back to the properties file.

Configuring a Secured Connection

Jacada Interaction Server supports an SSL connection to the LDAP server, using ldaps.

To configure a secured connection:

1. Set the ldap.url property to use SSL. For example, ldap.url = ldaps://10.90.17.46:636.

2. Export the LDAP server certificate, and import it to your Tomcat's JVM.
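A check for the two settings covered above, the ldap.password.encrypted flag and the ldaps URL, written as an added example that is not part of the Jacada documentation or product. It parses authentication.properties-style text, including the `\=` and `\:` escapes seen in the sample file, and reports findings; the sample input is constructed and the names parse_properties and audit are illustrative.

```python
import re

# Constructed sample input (not from a real deployment): plain ldap:// and a
# password still flagged as clear text, the two weak settings checked below.
SAMPLE = r"""#LDAP Properties
ldap.url=ldap\://10.90.17.46\:389
ldap.password.encrypted=false
ldap.password=example-clear-text
ldap.admin.groups=jasgroup,ofer_a1
token.timeout=600
"""

def _unescape(s):
    # Drop the backslash from escapes such as \= and \:
    return re.sub(r"\\(.)", r"\1", s)

def parse_properties(text):
    """Parse key=value lines of a Java .properties file (no line
    continuations or unicode escapes; enough for this file's layout)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' or ':' that is not backslash-escaped.
        parts = re.split(r"(?<!\\)\s*[=:]\s*", line, maxsplit=1)
        value = parts[1] if len(parts) > 1 else ""
        props[_unescape(parts[0])] = _unescape(value)
    return props

def audit(props):
    """Return findings for the two settings this page describes."""
    findings = []
    url = props.get("ldap.url", "")
    if not url.lower().startswith("ldaps://"):
        findings.append("ldap.url does not use ldaps: " + url)
    encrypted = props.get("ldap.password.encrypted", "false").lower() == "true"
    if props.get("ldap.password") and not encrypted:
        findings.append("ldap.password is clear text on disk; the server "
                        "encrypts it at the next start")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("WARN:", finding)
```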