User Management

Overview

This module handles the user's connectivity to the application. It covers both the authentication and the authorization of the user.

Configuration

Login configuration

For a user to log in to Ephesoft, the "server.xml" file located in the <Ephesoft installation path>\JavaAppServer\conf folder must be configured.

The administrator configures a tag named "Realm" in server.xml. The tag is nested in the file at the following position:

<Server>
  <Service>
    <Engine>
      <Host>
        <Context>
          <Realm />
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>

The Realm tag has many configurable parameters. Which of them are used, and whether they are needed, depends on the type of authentication server in use.

Several realm implementations can be configured at once. Refer to the Tomcat Realms documentation for configuring realms according to your requirements.

Commonly used realm configurations are shown in the Examples section below.

When a user tries to log in to the application, the username and password are verified against the configured authentication server using the specified configuration properties.

Ephesoft user roles handling

Based on the roles of the user logged in to the application, Ephesoft decides the following:

  • Batch classes the user is allowed to view on the batch class management view.
  • Batch instances the user is allowed to view on the batch instance management view.
  • Folders the user is allowed to view on the folder management view.
  • Scanner profiles and other configurations on the web scanner view.

The roles of the logged-in user are verified against the authentication server configured in the properties file <Ephesoft installation path>\Application\WEB-INF\classes\META-INF\dcma-user-connectivity\user-connectivity.properties.

The configurable properties for this file are listed below.

  • Configurable properties common for both LDAP & MS-Active Directory

    user.connectivity_url (String)
      Value options: a valid URL to connect to the server.
      Description: the connection URL must be in the format ldap://(server_address):(port_number).

    user.connectivity_config (String)
      Value options: N/A
      Description: class name of the context factory.

    user.connectivity_domain_component_name (String)
      Value options: N/A
      Description: the domain component name for the LDAP/MS Active Directory configuration.

    user.connectivity_domain_component_organization (String)
      Value options: N/A
      Description: the domain component organization name for the LDAP/MS Active Directory configuration.

    user.connectivity_username (String)
      Value options: a valid username to connect to and access the LDAP/Active Directory server.
      Description: the username of the account used to interact with the server. Only required if LDAP/Active Directory is used for connecting to Ephesoft.

    user.connectivity_password (String)
      Value options: a valid password to connect to and access the LDAP/Active Directory server.
      Description: the password of the account used to interact with the server. Only required if LDAP/Active Directory is used for connecting to Ephesoft.

    user.connectivity_groupSearchAttributeFilter (String)
      Value options: a valid attribute to search on when retrieving groups.
      Description: makes the attribute used when searching for groups in LDAP/AD configurable; by default cn (commonName) is used.

    user.connectivity_userSearchAttributeFilter (String)
      Value options: a valid attribute to search on when retrieving users.
      Description: makes the attribute used when searching for users (organizational unit) in LDAP/AD configurable; by default cn (commonName) is used.

  • Properties specific to LDAP configuration

    user.ldap_user_base (String)
      Value options: N/A
      Description: the relative path under which all user information is located. This path is relative to the domain components specified above.

    user.ldap_group_base (String)
      Value options: N/A
      Description: the relative path under which all group/role information is located. This path is relative to the domain components specified above.

  • Properties specific to MS-Active Directory configuration

    user.msactivedirectory_context_path (String)
      Value options: N/A
      Description: the directory path where the intended users reside.

    user.msactivedirectory_group_search_filter (String)
      Value options: N/A
      Description: this filter can combine | (OR), & (AND) and ! (NOT), e.g. ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))

  • Properties specific to Tomcat configuration

    user.tomcatUserXmlPath (String)
      Value options: N/A
      Description: the directory path where the Tomcat user configuration XML file resides.

  • Connection choosing configuration

    user.connection (list of values)
      Value options: 0, 1, 2
      Description: the type of connection the application uses: 0 for LDAP, 1 for MS Active Directory, 2 for Tomcat.

Examples

LDAP

Realm

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://localhost:389"
       connectionName="cn=Manager,dc=ephesoft,dc=com"
       connectionPassword="********"
       userPattern="cn={0},ou=people,dc=ephesoft,dc=com"
       roleBase="ou=groups,dc=ephesoft,dc=com" roleName="cn"
       roleSearch="uniqueMember={0}"/>

user-connectivity.properties

  • user.connectivity_url=ldap://localhost:389
  • user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
  • user.connectivity_domain_component_name=ephesoft
  • user.connectivity_domain_component_organization=com
  • user.connectivity_username=cn=Manager,dc=ephesoft,dc=com
  • user.connectivity_password=*******
  • user.ldap_user_base=ou=people
  • user.ldap_group_base=ou=groups
  • user.connection=0
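As an added example (not part of Ephesoft's code), the following checker reads a user-connectivity.properties file and verifies that the keys documented in the tables above are present for the selected user.connection value, and that the connection URL has the documented form; the sample file, the check names and the cleartext-LDAP warning are this example's own.

```python
import re
# user.connection values and the connection type each selects (from the table above)
CONNECTION_TYPES = {"0": "LDAP", "1": "MS Active Directory", "2": "Tomcat"}
# Keys LDAP and AD share, then the keys specific to each connection type
DIRECTORY_KEYS = ["user.connectivity_url", "user.connectivity_config",
                  "user.connectivity_domain_component_name",
                  "user.connectivity_domain_component_organization",
                  "user.connectivity_username", "user.connectivity_password"]
TYPE_KEYS = {"0": ["user.ldap_user_base", "user.ldap_group_base"],
             "1": ["user.msactivedirectory_context_path"], "2": ["user.tomcatUserXmlPath"]}
URL_FORMAT = re.compile(r"^ldaps?://[^\s/:]+:\d+$")  # ldap://(server_address):(port_number)

def parse_properties(text):
    """Minimal Java .properties reader: key=value per line, '#' or '!' comments, keys trimmed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)       # split on the first '=' only: values may contain '='
            props[key.strip()] = value.strip()
    return props

def check_user_connectivity(text):
    """Return the problems found in a user-connectivity.properties file (empty list = consistent)."""
    props = parse_properties(text)
    conn = props.get("user.connection")
    if conn not in CONNECTION_TYPES:
        return [f"user.connection must be 0, 1 or 2, got {conn!r}"]
    required = (DIRECTORY_KEYS if conn in ("0", "1") else []) + TYPE_KEYS[conn]
    problems = [f"{CONNECTION_TYPES[conn]} needs {k}, which is missing or empty"
                for k in required if not props.get(k)]
    if conn in ("0", "1"):
        url = props.get("user.connectivity_url", "")
        if not URL_FORMAT.match(url):
            problems.append(f"user.connectivity_url {url!r} is not of the form ldap://(server_address):(port_number)")
        elif url.startswith("ldap://"):   # cleartext bind unless StartTLS is negotiated by the connector
            problems.append("user.connectivity_url uses cleartext ldap://; the bind password leaves the host unencrypted")
    return problems

# Constructed sample mirroring the LDAP example on this page (password is a placeholder)
SAMPLE_LDAP = """user.connectivity_url=ldap://localhost:389
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.connectivity_domain_component_name=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_username=cn=Manager,dc=ephesoft,dc=com
user.connectivity_password=PLACEHOLDER
user.ldap_user_base=ou=people
user.ldap_group_base=ou=groups
user.connection=0"""
```

Running check_user_connectivity(SAMPLE_LDAP) reports only the cleartext ldap:// URL; removing a required key such as user.ldap_group_base adds a missing-key entry.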

MS-Active Directory

Realm

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://localhost:389"
       connectionName="administrator@ephesoft.com"
       connectionPassword="********"
       userBase="cn=Users,DC=ephesoft,DC=com"
       userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
       userSubtree="true"
       roleBase="cn=Users,DC=ephesoft,DC=com"
       roleName="cn"
       roleSubtree="true"
       roleSearch="member={0}" referrals="follow" />

The ampersand in the userSearch filter is written as &amp; because it sits inside an XML attribute value; a bare & is not well-formed XML and server.xml would fail to parse.

user-connectivity.properties

  • user.connectivity_url=ldap://172.16.0.191:389
  • user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
  • user.msactivedirectory_context_path=CN=Users
  • user.connectivity_domain_component_name=ephesoft
  • user.connectivity_domain_component_organization=com
  • user.connectivity_username=CN=Administrator,CN=Users,DC=ephesoft,DC=com
  • user.connectivity_password=*******
  • user.connection=1 (fetch users and groups from Active Directory)

Multiple realm example

<Realm className="org.apache.catalina.realm.CombinedRealm" >

  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://172.16.1.68:389"
         connectionName="administrator@ephesoft.com"
         connectionPassword="********"
         userBase="cn=Users,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="cn=Users,DC=ephesoft,DC=com"
         roleName="cn" roleSubtree="true"
         roleSearch="member={0}" referrals="follow" />

  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://172.16.1.68:389"
         connectionName="administrator@ephesoft.com"
         connectionPassword="********"
         userBase="ou=test1,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="ou=test1,DC=ephesoft,DC=com" roleName="cn"
         roleSubtree="true" roleSearch="member={0}" referrals="follow"/>

  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://172.16.1.68:389"
         connectionName="administrator@ephesoft.com"
         connectionPassword="********"
         userBase="ou=test,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true" roleBase="ou=test,DC=ephesoft,DC=com"
         roleName="cn" roleSubtree="true"
         roleSearch="member={0}" referrals="follow" />

</Realm>
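An added example, not Ephesoft's or Tomcat's code: a script that walks the Realm elements of a server.xml document, descending into the members of a CombinedRealm as in the multiple realm example above, and reports settings an administrator should review (a cleartext ldap:// connectionURL without useStartTls, a clear-text connectionPassword, referrals="follow", no user lookup configured). The sample document, its host values and the finding texts are constructed for this example.

```python
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
COMBINED_REALM = "org.apache.catalina.realm.CombinedRealm"

def audit_realm(realm, path):
    """Yield (path, finding) for one <Realm>, descending into a CombinedRealm's children."""
    cls = realm.get("className", "")
    if cls == COMBINED_REALM:
        for i, child in enumerate(realm.findall("Realm")):
            yield from audit_realm(child, f"{path}/Realm[{i}]")
        return
    if cls != JNDI_REALM:
        yield path, f"realm class {cls!r} is not covered by this audit"
        return
    url = realm.get("connectionURL", "")
    # 389 and 3268 (AD global catalog) are cleartext ports; ldaps:// normally uses 636/3269
    if url.startswith("ldap://") and realm.get("useStartTls", "false").lower() != "true":
        yield path, f"{url} is cleartext LDAP without useStartTls; the bind password crosses the wire unencrypted"
    if realm.get("connectionPassword"):
        yield path, "connectionPassword is stored in clear text; restrict read access to server.xml"
    if realm.get("referrals") == "follow":
        yield path, 'referrals="follow" reuses the bind credentials against any server the directory refers to'
    if not (realm.get("userSearch") or realm.get("userPattern")):
        yield path, "neither userSearch nor userPattern is set, so no user can be looked up"

def audit_server_xml(xml_text):
    """Return 'path: finding' strings for every top-level Realm in a server.xml document."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        if parent.tag == "Realm":          # nested realms are reached through audit_realm
            continue
        for realm in parent.findall("Realm"):
            findings += [f"{p}: {m}" for p, m in audit_realm(realm, f"{parent.tag}/Realm")]
    return findings

# Constructed sample: a CombinedRealm like the multiple realm example above, with one
# member on cleartext LDAP and one on LDAPS (passwords are placeholders)
SAMPLE_SERVER_XML = """<Server><Service><Engine><Host><Context>
<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://172.16.1.68:389"
         connectionName="administrator@ephesoft.com" connectionPassword="PLACEHOLDER"
         userBase="cn=Users,DC=ephesoft,DC=com" userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         roleBase="cn=Users,DC=ephesoft,DC=com" roleName="cn" roleSearch="member={0}" referrals="follow"/>
  <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldaps://172.16.1.68:636"
         connectionName="administrator@ephesoft.com" connectionPassword="PLACEHOLDER"
         userBase="ou=test,DC=ephesoft,DC=com" userSearch="(sAMAccountName={0})"
         roleBase="ou=test,DC=ephesoft,DC=com" roleName="cn" roleSearch="member={0}"/>
</Realm></Context></Host></Engine></Service></Server>"""
```

audit_server_xml(SAMPLE_SERVER_XML) yields three findings for the first member realm and one (the clear-text password) for the LDAPS member.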

Global realm example

Port 3268 is the Active Directory global catalog port, and the userBase here is the domain root, so users anywhere in the domain can be found rather than only those in one container.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://172.16.1.68:3268"
       connectionName="administrator@ephesoft.com"
       connectionPassword="********"
       userBase="DC=ephesoft,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true" roleBase="ou=test,DC=ephesoft,DC=com"
       roleName="cn" roleSubtree="true"
       roleSearch="member={0}" referrals="follow" />