Form Authentication and HTTPS Support

What’s New In Transact 4.5?


The Ephesoft Transact v.4.5.0.0 installer has been enhanced to support Form Authentication over both the HTTP and HTTPS protocols. The application can now be set up to authenticate users on the basis of data provided during the installation itself. If you are installing Ephesoft Transact on a secure server, you can also specify SSL certificate details. All provided data will be saved/updated/mapped automatically in the following files:

  • server.xml (<Ephesoft Installation Directory>\JavaAppServer\conf)
  • web.xml (<Ephesoft Installation Directory>\JavaAppServer\conf)
  • dcma-user.connectivity.properties (<Ephesoft Installation Directory>\Application\WEB-INF\classes\META-INF\dcma-user-connectivity)
  • dcma-batch.properties (<Ephesoft Installation Directory>\Application\WEB-INF\classes\META-INF\dcma-batch)
  • config.properties (included in Ephesoft Transact installation package)

If you are installing Ephesoft Transact with the HTTPS protocol, the keystore file with SSL certificate details will be copied to the Certs folder of the Ephesoft Installation Directory.

Windows Installer:

  1. Form Authentication with HTTP
  2. Form Authentication with HTTPS
  3. Form Authentication for silent Installation

Linux Installer:

  1. Form Authentication with HTTP
  2. Form Authentication with HTTPS
  3. Form Authentication for silent Installation

 

To use Form Authentication with HTTP during installation of Ephesoft Transact on Windows:

1. Start the installation process by running the Ephesoft 4.5.0.0 Windows Installer.

2. Follow the installation process till you reach the Authentication Mode step.

3. Select Standard Form Authentication and HTTP communication protocol, and click Next.

4. Select the Connection Type and configure connectivity details. There are three available connection types: LDAP, MS Active Directory and Tomcat.

  • Tomcat is selected by default and does not require any configuration.

  • For LDAP, configure the following details. You can hover over the text field to get more information on each parameter.

Configurable property: Description
Connectivity URL: A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Domain Name: The domain component name for the LDAP configuration.
Domain Organization: The domain component organization name for the LDAP configuration.
User Name: A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server).
Password: A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server).
Group Search Filter: A search string for searching groups.
User Search Filter: A search string for searching users.
Ldap User Base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
Ldap Group Base: The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user.

  • For Active Directory, configure the following details. You can hover over the text field to get more information on each parameter.

Configurable property: Description
Connectivity URL: A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Domain Name: The domain component name for the LDAP configuration.
Domain Organization: The domain component organization name for the LDAP configuration.
User Name: A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server).
Password: A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server).
Group Search Filter: A search string for searching groups.
User Search Filter: A search string for searching users.
AD Context Path: The directory path where the intended user resides. This parameter is optional and can be left empty.
AD Group Search Filter: This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty.

Click Next to continue.

5. Configure Realm Settings for HTTP, and click Next to continue.

Configurable property: Description
Connection URL: A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Connection Name: A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server).
Connection Password: A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server).
User Base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
User Search: A search string for searching users.
Role Base: The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
Role Name: Role name defines which attribute is used for a role.
Role Search: A search string for searching roles.

This completes the process of configuring Form Authentication with HTTP server.

6. Proceed with the installation process.

 

To use Form Authentication with HTTPS during installation of Ephesoft Transact on Windows:

1. Start the installation process by running the Ephesoft 4.5.0.0 Windows Installer.

2. Follow the installation process till you reach the Authentication Mode step.

3. Select Standard Form Authentication and HTTPS communication protocol, and click Next.

4. Now, provide the path and the password for the keystore file containing SSL certificate details, and specify the port on which you will run the application. Click Next to continue.

5. Select the Connection Type and configure connectivity details. There are three available connection types: LDAP, MS Active Directory and Tomcat.

  • Tomcat is selected by default and does not require any configuration.

  • For LDAP, configure the following details. You can hover over the text field to get more information on each parameter.

Configurable property: Description
Connectivity URL: A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Domain Name: The domain component name for the LDAP configuration.
Domain Organization: The domain component organization name for the LDAP configuration.
User Name: A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server).
Password: A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server).
Group Search Filter: A search string for searching groups.
User Search Filter: A search string for searching users.
Ldap User Base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
Ldap Group Base: The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user.

  • For Active Directory, configure the following details. You can hover over the text field to get more information on each parameter.

Configurable property: Description
Connectivity URL: A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Domain Name: The domain component name for the LDAP configuration.
Domain Organization: The domain component organization name for the LDAP configuration.
User Name: A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server).
Password: A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server).
Group Search Filter: A search string for searching groups.
User Search Filter: A search string for searching users.
AD Context Path: The directory path where the intended user resides. This parameter is optional and can be left empty.
AD Group Search Filter: This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty.

This completes the process of configuring Form Authentication with HTTPS server.

6. Proceed with the installation process.

 

To configure Form Authentication for the silent installation of Ephesoft Transact on Windows:

1. Open the config.properties file shipped along with the installer.

2. Configure the below-mentioned parameters.

Note: Connectivity details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.

Configurable property: Description
pivcac_selected_mode: The type of authentication mode you want to use.
  • 0 for Form Authentication
  • 1 for PKI Authentication
form_authentication_http_or_https: The communication protocol, which will be used for Form Authentication.
  • 0 for HTTP
  • 1 for HTTPS
form_authentication_keystore_file_path: The path to the keystore certificate with SSL information. Required only if HTTPS is selected.
form_authentication_keystore_password: The password for the keystore certificate with SSL information. Required only if HTTPS is selected.
pivcac_realm_connection_url: A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
pivcac_realm_connection_name: A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server).
pivcac_realm_connection_password: A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server).
pivcac_realm_user_base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
pivcac_realm_user_search: A search string for searching users.
pivcac_realm_role_base: The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
pivcac_realm_role_name: Role name defines which attribute is used for a role.
pivcac_realm_role_search: A search string for searching roles.
pivcac_realm_userSubtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
pivcac_realm_roleSubtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.
connectivity_user_connection: The type of connection you want to use for the application.
  • 0 for LDAP
  • 1 for MS Active Directory
  • 2 for Tomcat
connectivity_url: A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
connectivity_domain_name: The domain component name for the LDAP configuration.
connectivity_domain_org: The domain component organization name for the LDAP configuration.
connectivity_user_name: A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server).
connectivity_user_password: A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server).
connectivity_group_search_attribute_filter: A search string for searching groups.
connectivity_user_search_attribute_filter: A search string for searching users.
connectivity_ldap_user_base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
connectivity_ldap_group_base: The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user.
connectivity_msad_context_path: The directory path where the intended user resides. This parameter is optional and can be left empty.
connectivity_msad_group_search_filter: This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty.

3. Save the changes.

 

To use Form Authentication with HTTP during installation of Ephesoft Transact on Linux:

1. Start the installation process by executing the installer. When asked whether to install the system using the silent installer, select n.

2. Follow the installation process until you reach the Authentication Configuration section.

3. Enter 1 to select the Standard Form Authentication Mode.

Note:

  • When Form Authentication is selected, the users will be required to provide a username and password to log on to the application. This Authentication Mode is used by default.
  • PKI Authentication (Public Key Identification) option is provided if you want to use PIV cards and related certificates.

4. Select the Application Protocol you want to use. Available options:

  • HTTP
  • HTTPS

Let’s go ahead and select the first option.

5. Specify the port on which you will be using your application.

6. Fill in the User Connectivity Settings section. In this case, we select 2 – MS Active Directory.

Note: Connection details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.

  • Connection configuration
Configurable property: Description
User Connection Type: The type of connection you want to use for the application.
  • 1 for LDAP
  • 2 for MS Active Directory
  • 3 for Tomcat

  • Configurable properties common for both LDAP & MS Active Directory
Configurable property: Description
Connection URL: A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Connection Name: A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server).
Connection Password: A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server).
User base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
User search: A search string for searching users.
User subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
Role base: The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
Role name: Role name defines which attribute is used for a role.
Role search: A search string for searching roles.
Role subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

  • Properties specific to MS-Active Directory configuration
Configurable property: Description
MS AD Group Search Filter: This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty.

7. Confirm that the provided details are correct by entering n. If you want to update the details, press y and change the information as needed.

Once the connectivity information is confirmed, realm settings will be updated automatically and authentication configuration will be successfully completed.

8. Proceed with the installation process.

 

To use Form Authentication with HTTPS during installation of Ephesoft Transact on Linux:

1. Start the installation process by executing the installer. When asked whether to install the system using the silent installer, select n.

2. Follow the installation process until you reach the Authentication Configuration section.

3. Enter 1 to select the Standard Form Authentication Mode.

Note:

  • When Form Authentication is selected, the users will be required to provide a username and password to log on to the application. This Authentication Mode is used by default.
  • PKI Authentication (Public Key Identification) option is provided if you want to use PIV cards and related certificates.

4. Select the Application Protocol you want to use. Available options:

  • HTTP
  • HTTPS

Let’s go ahead and select the second option.

5. Provide details for the SSL certificate.

  • Specify the location of the keystore file.
  • Provide and confirm the password for the keystore file.

6. Confirm that the provided details are correct by entering n. If you want to update the details, press y and change the information as needed.

7. Specify the port on which you will be using your application.

8. Fill in the User Connectivity Settings section. In this case, we select 2 – MS Active Directory.

Note: Connection details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.

  • Connection configuration
Configurable property: Description
User Connection Type: The type of connection you want to use for the application.
  • 1 for LDAP
  • 2 for MS Active Directory
  • 3 for Tomcat

  • Configurable properties common for both LDAP & MS Active Directory
Configurable property: Description
Connection URL: A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Connection Name: A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server).
Connection Password: A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server).
User base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
User search: A search string for searching users.
User subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
Role base: The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
Role name: Role name defines which attribute is used for a role.
Role search: A search string for searching roles.
Role subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

  • Properties specific to MS-Active Directory configuration
Configurable property: Description
MS AD Group Search Filter: This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty.

9. Confirm that the provided details are correct by entering n. If you want to update the details, press y and change the information as needed.

Once the connectivity information is confirmed, realm settings will be updated automatically and authentication configuration will be successfully completed.

10. Proceed with the installation process.

 

To configure Form Authentication for the silent installation of Ephesoft Transact on Linux:

1. Open the config.properties file shipped along with the installer.

2. Configure the below-mentioned parameters.

Note: Connection details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.

Configurable property: Description
Input_authentication_mode: The type of authentication mode you want to use.
  • 1 for Form Authentication
  • 2 for PKI Authentication
Input_application_communication_protocol: The communication protocol, which will be used for Form Authentication.
  • 1 for HTTP
  • 2 for HTTPS
input_form_https_keystore_cert_path: The path to the keystore certificate with SSL information. Required only if HTTPS is selected.
input_form_https_keystore_cert_password: The password for the keystore certificate with SSL information. Required only if HTTPS is selected.
input_connectivity_user_connection: The type of connection you want to use for the application.
  • 1 for LDAP
  • 2 for MS Active Directory
  • 3 for Tomcat
input_realm_connection_url: A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
input_realm_connection_name: A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server).
input_realm_user_password: A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server).
input_realm_user_base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
input_realm_user_search: A search string for searching users.
input_realm_user_sub_tree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
input_realm_role_base: The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
input_realm_role_name: Role name defines which attribute is used for a role.
input_realm_role_search: A search string for searching roles.
input_realm_role_sub_tree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

3. Save the changes.
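
A pre-flight check for the config.properties file used by the Windows and Linux silent installations described above, as an added example (not Ephesoft code). The key names and numeric codes are the ones in the two tables on this page; the finding codes, the PROFILES layout, the sample values and the hostname are assumptions made for illustration.

```python
import re

# Key names and numeric codes come from the two silent-installation tables on this
# page; the PROFILES layout and the finding codes are assumptions of this example.
PROFILES = {
    "windows": {
        "mode": ("pivcac_selected_mode", "0"),  # 0 = Form Authentication
        "proto": ("form_authentication_http_or_https", "0", "1"),  # key, HTTP, HTTPS
        "keystore": ("form_authentication_keystore_file_path",
                     "form_authentication_keystore_password"),
        "conn": ("connectivity_user_connection", "2"),  # 2 = Tomcat
        "directory": ("pivcac_realm_connection_url", "pivcac_realm_connection_name",
                      "pivcac_realm_connection_password", "connectivity_url",
                      "connectivity_user_name", "connectivity_user_password"),
    },
    "linux": {
        "mode": ("Input_authentication_mode", "1"),  # 1 = Form Authentication
        "proto": ("Input_application_communication_protocol", "1", "2"),
        "keystore": ("input_form_https_keystore_cert_path",
                     "input_form_https_keystore_cert_password"),
        "conn": ("input_connectivity_user_connection", "3"),  # 3 = Tomcat
        "directory": ("input_realm_connection_url", "input_realm_connection_name",
                      "input_realm_user_password"),
    },
}


def parse_properties(text):
    """Parse key=value / key:value lines; '#' and '!' start a comment line."""
    props = {}
    for line in text.splitlines():
        match = re.match(r"([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*)", line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def lint(props, platform):
    """Return sorted finding codes for a Form Authentication silent install."""
    profile = PROFILES[platform]
    get = lambda key: props.get(key, "").strip()
    mode_key, form_mode = profile["mode"]
    if get(mode_key) != form_mode:
        return ["NOT_FORM_AUTH"]  # PKI (or unset) mode is outside this check
    findings = set()
    proto_key, http, https = profile["proto"]
    if get(proto_key) == http:
        findings.add("HTTP_CLEARTEXT_LOGIN")  # login form posts credentials unencrypted
    elif get(proto_key) == https and not all(get(k) for k in profile["keystore"]):
        findings.add("KEYSTORE_DETAILS_MISSING")  # required when HTTPS is selected
    conn_key, tomcat = profile["conn"]
    if get(conn_key) != tomcat:  # LDAP and MS Active Directory need connection details
        if not all(get(k) for k in profile["directory"]):
            findings.add("DIRECTORY_DETAILS_MISSING")
        if any(get(k).lower().startswith("ldap://") for k in profile["directory"]):
            findings.add("LDAP_CLEARTEXT_BIND")  # ldap:// carries the bind unencrypted
    if any(v.strip() for k, v in props.items() if "password" in k.lower()):
        findings.add("PLAINTEXT_SECRET_IN_FILE")  # restrict access to the file
    return sorted(findings)


# Constructed sample for the Linux installer: HTTPS with MS Active Directory.
SAMPLE_LINUX = """\
Input_authentication_mode=1
Input_application_communication_protocol=2
input_form_https_keystore_cert_path=/opt/certs/transact.jks
input_form_https_keystore_cert_password=
input_connectivity_user_connection=2
input_realm_connection_url=ldap://ad.example.test:389
input_realm_connection_name=svc-transact
input_realm_user_password=CHANGE_ME
"""

if __name__ == "__main__":
    print(lint(parse_properties(SAMPLE_LINUX), "linux"))
```

Because the file holds the keystore and directory bind passwords as plain values, PLAINTEXT_SECRET_IN_FILE is reported whenever any password key is filled in; treat it as a reminder to limit who can read config.properties during and after the installation.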