FAQ
The functioning principle of this IP/LDAP authentication scenario is as follows:
– the end user accesses the provided Muse URL;
– if the end user's IP is among the IPs/subnets configured for the desired application, then he/she is logged in successfully;
– if the end user is not IP authenticated, then he/she is presented with a Muse logon form in which to enter his/her personal LDAP authentication details.
Below are the steps to implement this scenario:
1) Configure the necessary Muse login modules for the desired application. Below is their list, in order, along with the correct flag values:
– ICELoginModuleXML – required;
– ICELoginModuleIP – sufficient;
– ICELoginModuleParametersRemap – required;
– ICELoginModuleLDAP – requisite.
The configuration of the login modules is done through the Muse Console for Applications Administration as follows: select the desired application from the list of applications and click "Login Modules" in the left menu; from this location manage the login modules: add, delete or edit them. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd="wwwAuthPwd" ldapUserID="wwwAuthID" (see below).
The context for the desired application in the $ICE_HOME/jaas.config file should look like:
ApplicationID {
    com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
    com.edulib.ice.security.authentication.ICELoginModuleIP sufficient hosts="${ICE_HOME}/profiles/hosts.xml";
    com.edulib.ice.security.authentication.ICELoginModuleParametersRemap required ldapUserPwd="wwwAuthPwd" ldapUserID="wwwAuthID";
    com.edulib.ice.security.authentication.ICELoginModuleLDAP requisite config="${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml";
};
2) Configure the login modules' properties:
– copy ${ICE_HOME}/profiles/ICELoginModuleLDAP.xml to ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml (if it does not already exist);
– for the ICELoginModuleIP login module, add a new entry in the ${ICE_HOME}/profiles/hosts.xml file for the desired application, along with the list of IPs/subnets that will access the application by IP;
– for the ICELoginModuleLDAP login module, make the necessary configurations in the ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml file with the access details and settings for the LDAP server. The following fields from that file must be filled in with proper values: LDAP-URL, BASE-DN and USER-AUTHENTICATION.
3) Add the necessary HTML files for the desired application for handling the IP/LDAP authentication scenario:
– an index page (index.html), which is the access point for the end user; its role is to transparently submit the username and password of the application;
– a page (index2.html) which presents the logon form for the LDAP details in case the IP authentication fails;
– an error page (error.html) which is displayed in case the LDAP authentication fails too.
Note: replace all ApplicationID and ApplicationPassword occurrences with the exact application ID and application password you wish to configure. Also, the HTML code above is the basic one, with no formatting. Please format it as needed and enclose it in complete/valid HTML pages.
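How the control flags in the jaas.config context from step 1 decide a login, as an added example (not Muse or EduLib code): it parses that context and applies the documented JAAS control-flag rules to constructed module outcomes. The names `parse_stack`, `evaluate` and the three scenarios are hypothetical, and no real login module is called.

```python
import re

# Application context copied from the jaas.config shown in step 1 above.
JAAS_CONFIG = '''
ApplicationID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
com.edulib.ice.security.authentication.ICELoginModuleIP sufficient hosts="${ICE_HOME}/profiles/hosts.xml";
com.edulib.ice.security.authentication.ICELoginModuleParametersRemap required ldapUserPwd="wwwAuthPwd" ldapUserID="wwwAuthID";
com.edulib.ice.security.authentication.ICELoginModuleLDAP requisite config="${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml";
};
'''

# One login-module entry: fully qualified class name, then its control flag.
ENTRY = re.compile(r'^\s*([\w.]+)\s+(required|requisite|sufficient|optional)\b', re.M)

def parse_stack(text):
    """Return [(short module name, control flag)] in configured order."""
    return [(cls.rsplit('.', 1)[-1], flag) for cls, flag in ENTRY.findall(text)]

def evaluate(stack, results):
    """Apply the documented JAAS control-flag rules to one login attempt.

    results maps module name -> True/False (constructed outcomes, no real login).
    Returns (overall_success, modules_consulted).
    """
    consulted, must_failed, any_ok = [], False, False
    for name, flag in stack:
        ok = results[name]
        consulted.append(name)
        any_ok = any_ok or ok
        if flag in ('required', 'requisite') and not ok:
            must_failed = True
            if flag == 'requisite':
                break              # requisite failure ends the attempt at once
        elif flag == 'sufficient' and ok:
            break                  # sufficient success: later modules are skipped
    return (any_ok and not must_failed), consulted

STACK = parse_stack(JAAS_CONFIG)

# Constructed scenarios for the three outcomes the FAQ describes.
IP_LISTED = {'ICELoginModuleXML': True, 'ICELoginModuleIP': True,
             'ICELoginModuleParametersRemap': True, 'ICELoginModuleLDAP': False}
LDAP_OK = dict(IP_LISTED, ICELoginModuleIP=False, ICELoginModuleLDAP=True)
LDAP_BAD = dict(IP_LISTED, ICELoginModuleIP=False)

if __name__ == '__main__':
    for label, r in [('IP listed', IP_LISTED), ('LDAP ok', LDAP_OK), ('LDAP bad', LDAP_BAD)]:
        print(label, evaluate(STACK, r))
```

In the IP-listed case the login succeeds with ICELoginModuleLDAP never consulted, so every range in hosts.xml acts as a credential-free login for that application and deserves the same review as the LDAP settings.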
You can configure LDAP authentication as a single authentication method. The steps are:
– copy the ${MUSE_HOME}/use/ice/profiles/ICELoginModuleLDAP.xml file into the ${MUSE_HOME}/home/ApplicationID/profiles/ folder of the application to be configured, replacing ApplicationID with the exact ID of the application you wish to configure with LDAP authentication;
– configure the necessary Muse login modules for the application. Below is their list, in the correct order, along with the correct flag values:
  – ICELoginModuleXML – required;
  – ICELoginModuleParametersRemap – required;
  – ICELoginModuleLDAP – requisite.
The configuration of the login modules is done through the Muse Console for Applications Administration as follows: select the desired application from the list of applications and click "Login Modules" in the left menu; from this location manage the login modules: add, delete or edit them. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd="wwwAuthPwd" ldapUserID="wwwAuthID".
– Configure the properties of the ICELoginModuleLDAP login module:
  – in the MCAA console, select the desired application from the list of applications, click "Login Modules" in the left menu and, in the "Login Modules" panel, click the "Edit" link next to the ICELoginModuleLDAP entry;
  – in the editor page, change the value of the "config" field from the default "${ICE_HOME}/profiles/ICELoginModuleLDAP.xml" to ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml, replacing ApplicationID with the exact ID of the application you wish to configure with LDAP authentication;
  – click the "Update" button;
  – click "Edit Config File" and configure the elements specific to the LDAP server, such as LDAP-URL, BASE-DN, etc.
– Create a login page where the end user will enter his/her LDAP credentials to log in to the application:
  – create a backup copy of the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, replacing ApplicationID with the exact ID of the application you wish to configure with LDAP authentication;
  – edit the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, locate the line:
with
User Name: | |
Password: | |
where the 2 ApplicationID occurrences are replaced with the exact ID of the application you wish to configure with LDAP authentication, and ApplicationPassword with the right password.
– The access URL for authenticating with LDAP credentials in this application is:
http://MUSE_SERVER:MUSE_PORT/muse/logon/ApplicationID/
where ApplicationID is replaced with the exact ID of the application you wish to configure with LDAP authentication.
For authenticating end users into a Muse Proxy Application, the following authentication modules are available:
– ProxyLoginModuleUserPassword. Performs User Name/Password authentication.
– ProxyLoginModuleIP. Performs IP authentication based on the client machine's IP.
– ProxyLoginModuleLDAP. Performs authentication against an LDAP Server.
– ProxyLoginModuleFTP. Performs authentication against an FTP Server. The FTP authentication module supports NONE, SSL or TLS connection encryptions.
– ProxyLoginModuleIMAP. Performs authentication against an IMAP Server. The IMAP authentication module supports NONE, SSL or TLS connection encryptions.
– ProxyLoginModuleSQL. Performs authentication against an SQL Server through Java Database Connectivity (JDBC). The SQL authentication module supports NONE, SSL or TLS connection encryptions.
– ProxyLoginModuleReferer. Performs authentication against the client's referer URL.
You can read more about authentication in a Muse Proxy Application in the "Muse Proxy.pdf" manual, chapter "Authentication of a Muse Proxy Application".