What’s New In Transact 4.5?
The Ephesoft Transact v.4.5.0.0 installer has been enhanced to support Form Authentication over both the HTTP and HTTPS protocols. The application can now be set up to authenticate users on the basis of data provided during the installation itself. If you are installing Ephesoft Transact on a secure server, you can also specify SSL certificate details. All provided data is saved, updated or mapped automatically in the following files:
- server.xml (<Ephesoft Installation Directory>\JavaAppServer\conf)
- web.xml (<Ephesoft Installation Directory>\JavaAppServer\conf)
- dcma-user.connectivity.properties (<Ephesoft Installation Directory>\Application\WEB-INF\classes\META-INF\dcma-user-connectivity)
- dcma-batch.properties (<Ephesoft Installation Directory>\Application\WEB-INF\classes\META-INF\dcma-batch)
- config.properties (included in Ephesoft Transact installation package)
If you are installing Ephesoft Transact with the HTTPS protocol, the keystore file with SSL certificate details is copied to the Certs folder of the Ephesoft installation directory.
Windows Installer:
- Form Authentication with HTTP
- Form Authentication with HTTPS
- Form Authentication for silent Installation
Linux Installer:
- Form Authentication with HTTP
- Form Authentication with HTTPS
- Form Authentication for silent Installation
To use Form Authentication with HTTP during installation of Ephesoft Transact on Windows:
1. Start the installation process by running the Ephesoft 4.5.0.0 Windows Installer.
2. Follow the installation process till you reach the Authentication Mode step.
3. Select Standard Form Authentication and HTTP communication protocol, and click Next.
4. Select the Connection Type and configure connectivity details. There are three available connection types: LDAP, MS Active Directory and Tomcat.
- Tomcat is selected by default and does not require any configurations.
- For LDAP, configure the following details. You can hover over the text field to get more information on each parameter.
Configurable property | Description |
Connectivity URL | A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
Domain Name | The domain component name for the LDAP configuration. |
Domain Organization | The domain component organization name for the LDAP configuration. |
User Name | A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server). |
Password | A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server). |
Group Search Filter | A search string for searching groups. |
User Search Filter | A search string for searching users. |
Ldap User Base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
Ldap Group Base | The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user. |
- For Active Directory, configure the following details. You can hover over the text field to get more information on each parameter.
Configurable property | Description |
Connectivity URL | A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
Domain Name | The domain component name for the LDAP configuration. |
Domain Organization | The domain component organization name for the LDAP configuration. |
User Name | A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server). |
Password | A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server). |
Group Search Filter | A search string for searching groups. |
User Search Filter | A search string for searching users. |
AD Context Path | The directory path where the intended user resides. This parameter is optional and can be left empty. |
AD Group Search Filter | This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty. |
Click Next to continue.
5. Configure Realm Settings for HTTP, and click Next to continue.
Configurable property | Description |
Connection URL | A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
Connection Name | A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server). |
Connection Password | A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server). |
User Base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
User Search | A search string for searching users. |
Role Base | The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user. |
Role Name | Role name defines which attribute is used for a role. |
Role Search | A search string for searching roles. |
This completes the process of configuring Form Authentication with HTTP server.
6. Proceed with the installation process.
To use Form Authentication with HTTPS during installation of Ephesoft Transact on Windows:
1. Start the installation process by running the Ephesoft 4.5.0.0 Windows Installer.
2. Follow the installation process till you reach the Authentication Mode step.
3. Select Standard Form Authentication and HTTPS communication protocol, and click Next.
4. Now, provide the path and the password for the keystore file containing SSL certificate details, and specify the port on which you will run the application. Click Next to continue.
5. Select the Connection Type and configure connectivity details. There are three available connection types: LDAP, MS Active Directory and Tomcat.
- Tomcat is selected by default and does not require any configurations.
- For LDAP, configure the following details. You can hover over the text field to get more information on each parameter.
Configurable property | Description |
Connectivity URL | A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
Domain Name | The domain component name for the LDAP configuration. |
Domain Organization | The domain component organization name for the LDAP configuration. |
User Name | A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server). |
Password | A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server). |
Group Search Filter | A search string for searching groups. |
User Search Filter | A search string for searching users. |
Ldap User Base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
Ldap Group Base | The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user. |
- For Active Directory, configure the following details. You can hover over the text field to get more information on each parameter.
Configurable property | Description |
Connectivity URL | A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
Domain Name | The domain component name for the LDAP configuration. |
Domain Organization | The domain component organization name for the LDAP configuration. |
User Name | A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server). |
Password | A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server). |
Group Search Filter | A search string for searching groups. |
User Search Filter | A search string for searching users. |
AD Context Path | The directory path where the intended user resides. This parameter is optional and can be left empty. |
AD Group Search Filter | This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty. |
This completes the process of configuring Form Authentication with HTTPS server.
6. Proceed with the installation process.
To configure Form Authentication for the silent installation of Ephesoft Transact on Windows:
1. Open the config.properties file shipped along with the installer.
2. Configure the below-mentioned parameters.
Note: Connectivity details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.
Configurable property | Description |
pivcac_selected_mode | The type of authentication mode you want to use. |
form_authentication_http_or_https | The communication protocol, which will be used for Form Authentication. |
form_authentication_keystore_file_path | The path to the keystore certificate with SSL information. Required only if HTTPS is selected. |
form_authentication_keystore_password | The password for the keystore certificate with SSL information. Required only if HTTPS is selected. |
pivcac_realm_connection_url | A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
pivcac_realm_connection_name | A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server). |
pivcac_realm_connection_password | A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server). |
pivcac_realm_user_base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
pivcac_realm_user_search | A search string for searching users. |
pivcac_realm_role_base | The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user. |
pivcac_realm_role_name | Role name defines which attribute is used for a role. |
pivcac_realm_role_search | A search string for searching roles. |
pivcac_realm_userSubtree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level. |
pivcac_realm_roleSubtree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level. |
connectivity_user_connection | The type of connection you want to use for the application. |
connectivity_url | A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
connectivity_domain_name | The domain component name for the LDAP configuration. |
connectivity_domain_org | The domain component organization name for the LDAP configuration. |
connectivity_user_name | A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server). |
connectivity_user_password | A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server). |
connectivity_group_search_attribute_filter | A search string for searching groups. |
connectivity_user_search_attribute_filter | A search string for searching users. |
connectivity_ldap_user_base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
connectivity_ldap_group_base | The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user. |
connectivity_msad_context_path | The directory path where the intended user resides. This parameter is optional and can be left empty. |
connectivity_msad_group_search_filter | This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty. |
3. Save the changes.
To use Form Authentication with HTTP during installation of Ephesoft Transact on Linux:
1. Start the installation process by executing the installer. When offered to install the system using silent installer, select n.
2. Follow the installation process till you reach Authentication Configuration section.
3. Enter 1 to select the Standard Form Authentication Mode.
Note:
- When Form Authentication is selected, the users will be required to provide a username and password to log on to the application. This Authentication Mode is used by default.
- PKI Authentication (Public Key Identification) option is provided if you want to use PIV cards and related certificates.
4. Select the Application Protocol you want to use. Available options:
- HTTP
- HTTPS
Let’s go ahead and select the first option.
5. Specify the port on which you will be using your application.
6. Fill the User Connectivity Settings section. In this case, we select 2 – MS Active Directory.
Note: Connection details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.
- Connection configuration
Configurable property | Description |
User Connection Type | The type of connection you want to use for the application. |
- Configurable properties common for both LDAP & MS Active Directory
Configurable property | Description |
Connection URL | A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
Connection Name | A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server). |
Connection Password | A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server). |
User base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
User search | A search string for searching users. |
User subtree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level. |
Role base | The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user. |
Role name | Role name defines which attribute is used for a role. |
Role search | A search string for searching roles. |
Role subtree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level. |
- Properties specific to MS-Active Directory configuration
Configurable property | Description |
MS AD Group Search Filter | This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty. |
7. Confirm that provided details are correct by entering n. If you want to update the details, press y and change the information as needed.
Once the connectivity information is confirmed, realm settings will be updated automatically and authentication configuration will be successfully completed.
8. Proceed with the installation process.
To use Form Authentication with HTTPS during installation of Ephesoft Transact on Linux:
1. Start the installation process by executing the installer. When offered to install the system using silent installer, select n.
2. Follow the installation process till you reach Authentication Configuration section.
3. Enter 1 to select the Standard Form Authentication Mode.
Note:
- When Form Authentication is selected, the users will be required to provide a username and password to log on to the application. This Authentication Mode is used by default.
- PKI Authentication (Public Key Identification) option is provided if you want to use PIV cards and related certificates.
4. Select the Application Protocol you want to use. Available options:
- HTTP
- HTTPS
Let’s go ahead and select the second option.
5. Provide details for SSL certificate.
- Specify the location of the keystore file.
- Provide and confirm the password for the keystore file.
6. Confirm that provided details are correct by entering n. If you want to update the details, press y and change the information as needed.
7. Specify the port on which you will be using your application.
8. Fill the User Connectivity Settings section. In this case, we select 2 – MS Active Directory.
Note: Connection details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.
- Connection configuration
Configurable property | Description |
User Connection Type | The type of connection you want to use for the application. |
- Configurable properties common for both LDAP & MS Active Directory
Configurable property | Description |
Connection URL | A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
Connection Name | A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server). |
Connection Password | A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server). |
User base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
User search | A search string for searching users. |
User subtree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level. |
Role base | The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user. |
Role name | Role name defines which attribute is used for a role. |
Role search | A search string for searching roles. |
Role subtree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level. |
- Properties specific to MS-Active Directory configuration
Configurable property | Description |
MS AD Group Search Filter | This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty. |
9. Confirm that provided details are correct by entering n. If you want to update the details, press y and change the information as needed.
Once the connectivity information is confirmed, realm settings will be updated automatically and authentication configuration will be successfully completed.
10. Proceed with the installation process.
To configure Form Authentication for the silent installation of Ephesoft Transact on Linux:
1. Open the config.properties file shipped along with the installer.
2. Configure the below-mentioned parameters.
Note: Connection details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.
Configurable property | Description |
Input_authentication_mode | The type of authentication mode you want to use. |
Input_application_communication_protocol | The communication protocol, which will be used for Form Authentication. |
input_form_https_keystore_cert_path | The path to the keystore certificate with SSL information. Required only if HTTPS is selected. |
input_form_https_keystore_cert_password | The password for the keystore certificate with SSL information. Required only if HTTPS is selected. |
input_connectivity_user_connection | The type of connection you want to use for the application. |
input_realm_connection_url | A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>. |
input_realm_connection_name | A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server). |
input_realm_user_password | A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server). |
input_realm_user_base | The relative path under which all the users’ information will be located. This attribute defines where to look for a user. |
input_realm_user_search | A search string for searching users. |
input_realm_user_sub_tree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level. |
input_realm_role_base | The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user. |
input_realm_role_name | Role name defines which attribute is used for a role. |
input_realm_role_search | A search string for searching roles. |
input_realm_role_sub_tree | This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level. |
3. Save the changes.
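Both silent-installation procedures (Windows and Linux) put the directory bind password and the keystore password into config.properties as plain values, and the documented URL format is ldap://, over which a simple bind is sent unencrypted. The following pre-install check is an added example, not Ephesoft code: it flags those conditions plus unbalanced search filters, assuming a simple key=value file. The sample values and the finding labels are constructed for illustration.

```python
import os
import stat
import tempfile

# Password-bearing keys named in the two silent-install tables on this page.
SECRET_KEYS = {
    "form_authentication_keystore_password", "pivcac_realm_connection_password",
    "connectivity_user_password",                                   # Windows
    "input_form_https_keystore_cert_password", "input_realm_user_password",  # Linux
}

# Constructed sample input: every value is a placeholder, not a shipped default.
SAMPLE = """\
input_realm_connection_url=ldap://dc01.example.internal:389
input_realm_connection_name=CN=svc-transact,OU=Service,DC=example,DC=internal
input_realm_user_password=CHANGE-ME
input_realm_user_search=(sAMAccountName={0})
input_realm_role_search=(member={0}
input_form_https_keystore_cert_password=
"""

def parse_properties(text):
    """Minimal key=value parser (assumes no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def balanced(ldap_filter):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def audit(path):
    """Return (finding, detail) tuples for one config.properties file."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = [("plaintext-secret", k) for k in sorted(SECRET_KEYS) if props.get(k)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if findings and os.name == "posix" and mode & 0o077:
        findings.append(("readable-beyond-owner", oct(mode)))
    for key, value in sorted(props.items()):
        if key.endswith("_url") and value.lower().startswith("ldap://"):
            findings.append(("cleartext-ldap-bind", key))  # bind password unencrypted
        if key.endswith(("_search", "_filter")) and not balanced(value):
            findings.append(("unbalanced-filter", key))
    return findings

def demo(mode=0o644):
    """Write SAMPLE to a temporary file with the given mode and audit it."""
    fd, path = tempfile.mkstemp(suffix=".properties")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Once the installer has consumed the file, restricting it to the installing account or blanking the password values removes the stored copy of the bind credentials.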