Enabling LDAP basic authentication in CTP

Fri September 24, 2021 03:25 AM

Here are the steps to enable LDAP authentication in Software AG Runtime (CTP).

  1. In the ‘<SAG_HOME>/profiles/CTP/configuration/jaas.config’ file, add your LDAP settings at the beginning:
LdapRealm {
  com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
  alias="name3"
  logLevel="DEBUG"
  logFile="../../profiles/CTP/logs/sin.log"
  useLog="TRUE"
  url="<YourLdapServerUrl>"
  prin="CN=<YourUserName>,OU=User,DC=<YourLdapOrgKeys>"
  cred="<YourLdapPassword>"
  useaf="false"
  usecaching="false"
  creategroups=true
  gidprop="SAMAccountName"
  uidprop="SAMAccountName"
  userrootdn="DC=<YourLdapOrgKeys>"
  grouprootdn="DC=<YourLdapOrgKeys>";
};
  2. In ‘<SAG_HOME>/profiles/CTP/configuration/tomcat/conf/server.xml’, on the line after ‘Realm…’, add:
 <Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="LdapRealm"/>
  3. In ‘<SAG_HOME>/profiles/CTP/configuration/tomcat/conf/web.xml’, near the end (just before the closing ‘web-app’ element), add:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>YourServiceName</web-resource-name>
    <url-pattern>/services/YourServiceEndpoint/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>LdapRealm</realm-name>
</login-config>
<security-role>
  <role-name>*</role-name>
</security-role>

The tricky part is the ‘role-name’. The ‘*’ means any role.


#wss
#webMethods
#basic-auth
#ldap
#CTP