HACP & HATS User Group - Group home

IBM Host-On Demand_Windows Domain Authentication Setup

  

 

IBM Host On-Demand Windows Domain Authentication

 

IBM Host On-Demand helps user to logon automatically to the configuration server-based model-html pages, using their local system ID and access the session that belongs to the group to which the users are added. This document gives the user a brief note on how  Windows Domain Authentication works in IBM Host On-Demand.

Configuring IBM HOD to support Windows Domain Authentication

 

HOD Server-side configuration

Pre-requisite:

  1. The User should be part of a Domain (Active directory).
  2. Host On-Demand should be installed and configured with any of the supported Web servers in the HOD Server Machine.

Fig 1. Adding User to a  Domain

  1. As per Fig 3, if user wants to use the sessions from default group of the HOD Server, they can provide the Group name as HOD(Default group) .

 

(or)

As per Fig 3, if Admin wants to map the users to User-defined group, they can login to HODAdminFull.html page, with default credentials and create a group.

Admin can add the required sessions to the group. (which can be used by all the users mapped to that group)

Fig 2. IBM HOD Server Log-in panel

 

 

Fig 3. IBM HOD Server Users panel

Windows Domain Configuration steps using HOD:

 

Step 1: Launch Deployment Wizard utility from Start MenuàIBM Host On-Demand.

Step 2: Select “Create a new HTML File” option and click Next.

 

Fig 4. IBM HOD Deployment Wizard Welcome panel

Step 3: Select “Configuration server-based model” and click Next.

 

 

 

Fig 5. IBM HOD Deployment Wizard -Configuration Model panel

 

Step 4:

  1. In the Logon Type panel, select the “Automatically log users on to Host On-Demand using their Windows username” option. (as shown in Fig 6)
  2. In the “Users are from Windows domain” option provide the Domain name to which the user belongs.
  3. In the “Create User ID if it doesn’t exist?” Option

 

  • If user choose “yes” option for “Create User ID if it doesn’t exist?” field, and the Host On-Demand user ID doesn't already exist (matching the Window's username), one will automatically be created in the specified Host On-Demand group. (Unless you are using LDAP, you can add the user ID to multiple groups by listing all the groups separated by commas.)
  • If you choose “No”, and the user ID doesn't already exist, they will be denied access to Host On-Demand.
  • Once this is done, Click Next.

Fig 6. IBM HOD Deployment Wizard Logon Type panel

 

Step 5: Select the preferred Client Type and click Next

Fig 7. IBM HOD Deployment Wizard Additional Options panel

 

Step 6: Create the html page by providing the Page Title and File name.

Fig 8. IBM HOD Deployment Wizard File Name and Output Format panel

 

 

Fig 9. IBM HOD Deployment Wizard Congratulations panel

 

HOD Client-side configuration

Pre-requisite:

  1. Java system should be configured to work with .jnlp and HOD launcher.

 

Steps for verifying Windows Domain Authentication in Client machine

  • Below steps are applicable only If the user selects “yes” option (in Fig 6 ).

 

Step 1: Launch the created html file in the client machine (created in Fig-9 above).

A user will be created in the HOD Server immediately after the html page is launched.

Fig 10. Launching Client page in browser

 

Step 2: The User can be logged directly into the Configuration based html page using their local system credentials.

User will be able to view the sessions created in the group to which they belong.

 

Fig 11. Automatic Log on using windows credentials

 

 

Step 3: The Logged-in user will be automatically created in the HOD Server (as mentioned in Step 2).

The user identity will be represented as “username (created by system)” under the specified group to which the user belongs.

The username will be same as the “Local system username”.

 

Fig 12. User added automatically in HOD Server

 

  • Below steps are applicable, If the user selects option “No” (in Fig 6 ).

Step 1: The User need to create a “new user” and add to the preferred group in the HOD Server.

The newly created username should match the Local system user ID

Fig 13. Creating new User in HOD Server

 

Step 2: Launch the created html file in the client machine (created in Fig-9 above).

Step 3: The User can be logged directly into the Configuration based html page using their local system credentials.

User will be able to view the sessions created in the group to which they belong.

 

NOTE:

If the user is not a part of any Domain, this functionality will not work. So before trying to use this option of IBM Host On-Demand, the user should be part of an Active directory.

 

Additional Information

The Administrator can copy the newly created users to required groups and make the client access the sessions created under that groups, below images depict this information.

Step 1:

 

 

 

Step 2:

Step 3 :