FAQ

Most Popular

You can configure LDAP authentication as a single authentication method. The steps are: – copy the ${MUSE_HOME}/use/ice/profiles/ICELoginModuleLDAP.xml file into the application which is to be configured, into the ${MUSE_HOME}/home/ApplicationID/profiles/ folder, where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication. – configure the necessary Muse login modules for the application. Below is their list in the correct order along with the correct flag values: – ICELoginModuleXML – required; – ICELoginModuleParametersRemap – required; – ICELoginModuleLDAP – requisite. The configuration of the login modules is done through the Muse Console for Applications Administration as follows: select the desired application from the list of applications and click on the left menu – “Login Modules”; from this location manage the login modules: add, delete or edit them. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd=”wwwAuthPwd” ldapUserID=”wwwAuthID” . – Configure the properties of the ICELoginModuleLDAP login module: – in the MCAA console select the desired application from the list of applications and click on the left menu – “Login Modules” and in the “Login Modules” panel click on the “Edit” link from next to the ICELoginModuleLDAP entry; – in the editor page change the value for the “config” field from the default "${ICE_HOME}/profiles/ICELoginModuleLDAP.xml" to ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication. – click the “Update” button; – click the “Edit Config File” and configure the elements specific to the LDAP server, such as LDAP-URL, BASE-DN…etc. – Create a login page where the enduser will enter his/hers LDAP credentials to login into the application: – create a backup copy of the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication. – edit the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, locate the line:
and replace the content from below that line until the line
with
User Name:
Password:
 
where replace the 2 ApplicationID occurrences with the exact application ID you wish to configure with LDAP authentication and ApplicationPassword with the right password. – the access URL for authenticating with LDAP credentials in this application is: http://MUSE_SERVER:MUSE_PORT/muse/logon/ApplicationID/ where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication

Load More

Latest

The functioning principle of this authentication scenario is as follows:
– the enduser accesses the provided Muse URL;
– if the enduser’s IP is among the IPs/subnets configured for the desired application then he/she will be successfully logged in;
– if the enduser is not IP authenticated then he/she will be presented with a Muse logon form where to enter the personal LDAP authentication details.
Below are the steps to implement this scenario:
1) configure the necessary Muse login modules for the desired application. Below is their list in order along with the correct flag values:
– ICELoginModuleXML – required;
– ICELoginModuleIP – sufficient;
– ICELoginModuleParametersRemap – required;
– ICELoginModuleLDAP – requisite.
The configuration of the login modules is done through the Muse Console for Applications Administration as follows: select the desired application from the list of application and click on the left menu – “Login Modules”; from this location manage the login modules: add, delete or edit them. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd=”wwwAuthPwd” ldapUserID=”wwwAuthID” (see below).
The context for the desired application in the $ICE_HOME/jaas.config file should look like:
ApplicationID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
com.edulib.ice.security.authentication.ICELoginModuleIP sufficient hosts="${ICE_HOME}/profiles/hosts.xml";
com.edulib.ice.security.authentication.ICELoginModuleParametersRemap required ldapUserPwd="wwwAuthPwd" ldapUserID="wwwAuthID";
com.edulib.ice.security.authentication.ICELoginModuleLDAP requisite config="${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml";
};

2) Configure the login modules’ properties.
– copy ${ICE_HOME}/profiles/ICELoginModuleLDAP.xml to ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml (is not already existing);
– for the ICELoginModuleIP login module add a new entry in the ${ICE_HOME}/profiles/hosts.xml file for the desired application along with the list of IPs/subnets that will access the application by IP.
– for the ICELoginModuleLDAP login module make the necessary configurations in the ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml with the access details and settings for the LDAP server. The following fields from the ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml must be filled in with proper values: LDAP-URL, BASE-DN and USER-AUTHENTICATION.
3) Add the necessary HTML files for the desired application for handling the IP/LDAP authentication scenario:
– an index (index.html) file which will be the access point for the enduser; the role of this is to transparently submit the username and password of the application.






- a page (index2.html) which presents the logon form for the LDAP details in case the IP authentication fails;








User Name:
Password:

- an error (error.html) page which is displayed in case the LDAP authentication fails too.








User Name:
Password:


Note: replace all ApplicationID and ApplicationPassword occurrences with the exact application ID and application password you wish to configure. Also, the html code above is the basic one, with no formatting. Please format it as needed and enclose it in complete/valid html pages.

You can configure LDAP authentication as a single authentication method. The steps are:
– copy the ${MUSE_HOME}/use/ice/profiles/ICELoginModuleLDAP.xml file into the application which is to be configured, into the ${MUSE_HOME}/home/ApplicationID/profiles/ folder, where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication.
– configure the necessary Muse login modules for the application. Below is their list in the correct order along with the correct flag values:
– ICELoginModuleXML – required;
– ICELoginModuleParametersRemap – required;
– ICELoginModuleLDAP – requisite.
The configuration of the login modules is done through the Muse Console for Applications Administration as follows: select the desired application from the list of applications and click on the left menu – “Login Modules”; from this location manage the login modules: add, delete or edit them. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd=”wwwAuthPwd” ldapUserID=”wwwAuthID” .
– Configure the properties of the ICELoginModuleLDAP login module:
– in the MCAA console select the desired application from the list of applications and click on the left menu – “Login Modules” and in the “Login Modules” panel click on the “Edit” link from next to the ICELoginModuleLDAP entry;
– in the editor page change the value for the “config” field from the default "${ICE_HOME}/profiles/ICELoginModuleLDAP.xml" to
${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml
where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication.
– click the “Update” button;
– click the “Edit Config File” and configure the elements specific to the LDAP server, such as LDAP-URL, BASE-DN…etc.
– Create a login page where the enduser will enter his/hers LDAP credentials to login into the application:
– create a backup copy of the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication.
– edit the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, locate the line:

and replace the content from below that line until the line

with







User Name:
Password:
 


where replace the 2 ApplicationID occurrences with the exact application ID you wish to configure with LDAP authentication and ApplicationPassword with the right password.
– the access URL for authenticating with LDAP credentials in this application is:
http://MUSE_SERVER:MUSE_PORT/muse/logon/ApplicationID/
where replace ApplicationID with the exact application ID you wish to configure with LDAP authentication

For authenticating the end-users into a Muse Proxy Application the following authentication modules are available:
ProxyLoginModuleUserPassword. Performs User Name/Password authentication.
ProxyLoginModuleIP. Performs IP authentication based on client machine IP.
ProxyLoginModuleLDAP. Performs authentication against a LDAP Server.
ProxyLoginModuleFTP. Performs authentication against a FTP Server. The FTP authentication module supports NONE, SSL or TLS connection encryptions.
– ProxyLoginModuleIMAP. Performs authentication against a IMAP Server. The IMAP authentication module supports NONE, SSL or TLS connection encryptions.
ProxyLoginModuleSQL. Performs authentication against an SQL Server through Java Database Connectivity (JDBC). The SQL authentication module supports NONE, SSL or TLS connection encryptions.
ProxyLoginModuleReferer.Performs authentication against the client’s referer URL.

You can read more about the authentication in a Muse Proxy Application in the “Muse Proxy.pdf” manual, chapter “Authentication of a Muse Proxy Application”.

Categories: General, Muse Proxy

Load More