SSO Using JBoss Authentication Integrated With Active Directory
To access Transact using Transact Explorer, you need to provide the user credentials that are validated inside the Transact database. These user credentials are authenticated against Transact or a third-party authentication server and only the valid users are allowed to access Transact.
With SSO to Transact using Transact Explorer, the user credentials are stored on an Active Directory (AD) server and validated by the users’ desktop or corporate network authentication systems using the LDAP protocol.
System Requirements
- JBoss EAP 7 or later
- Active Directory enabled network
- Transact Explorer and Transact Environment
Configuring JBoss EAP
Configure the LDAP security domain in the JBoss server-config file, as shown below:
JBOSS_HOME\standalone\configuration\standalone-utp.xml
- Set the CN in bindDN to the Windows user name.
- Set bindCredential to the Windows password.
<subsystem xmlns="urn:jboss:domain:security:2.0">
    <security-domains>
        … … … …
        <security-domain name="LDAP" cache-type="default">
            <authentication>
                <login-module code="LdapExtended" flag="required">
                    <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                    <module-option name="java.naming.provider.url" value="ldap://temenosgroup.com:389"/>
                    <module-option name="java.naming.security.authentication" value="simple"/>
                    <module-option name="bindDN" value="CN=Enter your windows username,OU=IN Chennai - KG,OU=APAC,OU=Ebiz,DC=temenosgroup,DC=com"/>
                    <module-option name="bindCredential" value="Enter your windows password"/>
                    <module-option name="baseCtxDN" value="DC=temenosgroup,DC=com"/>
                    <module-option name="baseFilter" value="(sAMAccountName={0})"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
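A defender's check for the security domain configured above, as an added example (not from the original page or from Temenos): it parses a standalone configuration and flags an LdapExtended module that does a simple bind over plain ldap:// or stores bindCredential as a literal value. The function name audit_ldap_domains, the finding labels and the sample bind account and password are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the LDAP security domain above; the bind
# account and password are placeholders, not values from a real system.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:security:2.0">
 <security-domains>
  <security-domain name="LDAP" cache-type="default">
   <authentication>
    <login-module code="LdapExtended" flag="required">
     <module-option name="java.naming.provider.url" value="ldap://temenosgroup.com:389"/>
     <module-option name="java.naming.security.authentication" value="simple"/>
     <module-option name="bindDN" value="CN=svc-example,DC=temenosgroup,DC=com"/>
     <module-option name="bindCredential" value="ExamplePassw0rd"/>
    </login-module>
   </authentication>
  </security-domain>
 </security-domains>
</subsystem>"""

# A value of the form ${...} is resolved at runtime (vault or property
# expression) rather than stored literally in the file.
EXPRESSION = re.compile(r"^\$\{.+\}$")


def audit_ldap_domains(xml_text):
    """Return (security-domain name, finding) pairs for LdapExtended modules."""
    findings = []
    root = ET.fromstring(xml_text)
    for domain in root.findall(".//{*}security-domain"):
        for module in domain.findall(".//{*}login-module"):
            if module.get("code") != "LdapExtended":
                continue
            opts = {o.get("name"): o.get("value", "")
                    for o in module.findall("{*}module-option")}
            url = opts.get("java.naming.provider.url", "").lower()
            auth = opts.get("java.naming.security.authentication", "simple")
            tls = opts.get("java.naming.security.protocol", "") == "ssl"
            # Simple bind over plain ldap:// exposes passwords on the wire.
            if "ldap://" in url and not tls and auth == "simple":
                findings.append((domain.get("name"), "cleartext-simple-bind"))
            cred = opts.get("bindCredential", "")
            if cred and not EXPRESSION.match(cred):
                findings.append((domain.get("name"), "literal-bindCredential"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_ldap_domains(SAMPLE):
        print(f"{name}: {finding}")
```

The same function can be pointed at the contents of standalone-utp.xml; an empty list means neither condition was found in any LdapExtended module.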
Configuring the System
Enable the GenericWebAuthenticationFilter by setting the following property in the setenv.bat file.
-Dcom.temenos.te.ui.enableGenericAuthenticationFilter=Y
Configuring transact-explorer-wa.war
Add the org.jboss.security.negotiation module dependency in the jboss-deployment-structure.xml file.
transact-explorer-wa.war\WEB-INF\jboss-deployment-structure.xml
<module name="org.jboss.security.negotiation" />

Navigate to transact-explorer-wa.war\WEB-INF\jboss-web.xml file and configure the below security domain details.
<security-domain>java:/jaas/LDAP</security-domain>
<valve>
    <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
</valve>
<jacc-star-role-allow>true</jacc-star-role-allow>

Navigate to the transact-explorer-wa.war\WEB-INF\web.xml file.
Uncomment the BASIC authentication security-role, security-constraint and login-config properties in the web.xml file.
Configuring Transact
To configure a new user and validate SSO:
- Create a new Transact user profile. The SIGN.ON.NAME should be the same as the Windows user ID.
- Ensure that the Preauthenticated attribute is added for the user.
- Launch Transact Explorer. It prompts for the user credentials. Enter the system credentials.
Upon successful validation, Transact Explorer navigates you to the home page.
You have now successfully achieved SSO using JBoss authentication integrated with Active Directory.