Copyright © Cloud Software Group, Inc. All Rights Reserved


Chapter 6 Config UI : Configuration Setup for Authentication Process

Configuration Setup for Authentication Process
This section explains the configuration setup required for the authentication process when the user logs in to the Config UI.
You can define the authentication process for a user on the LDAP server or in a file. The authentication process and session timeout values are defined in the following files:
ASG_HOME/asg-configui.tra
ASG_HOME/webapp/ASGConfig/WEB-INF/web.xml
LDAP Server Authentication
This section explains the configuration steps to authenticate a user on the LDAP server. LDAP server authentication can be defined either in the asg-configui.tra file or in the web.xml file.
Configuring asg-configui.tra File
To configure the authentication process type, the authentication property file and session timeout in the asg-configui.tra file, do the following:
1. Navigate to the ASG_HOME directory.
2. Open the asg-configui.tra file for editing.
3. Set the following properties. See Authentication Properties table for the description of properties.
   java.property.com.tibco.asg.designtime.configui.ASGAuthProcess=LDAP
   java.property.com.tibco.asg.designtime.configui.ASGPropFile=path of the property file for LDAP server details
   java.property.com.tibco.asg.designtime.configui.ASGSessionTimeOut=Timeout value (An integer in minutes)
4.
 
Configuring web.xml File
To configure the authentication process type, the authentication property file and session timeout in the web.xml file, do the following:
1. Navigate to the ASG_HOME/webapp/ASGConfig/WEB-INF directory.
2. Open the web.xml file for editing.
3. Set the following properties. See Authentication Properties table for the description of properties.
   a.
      <init-param>
         <param-name>asgAuthProcess</param-name>
         <param-value>LDAP</param-value>
      </init-param>
   b.
      <init-param>
         <param-name>asgAuthPropFile</param-name>
         <param-value>Path to the LDAP server property file</param-value>
      </init-param>
   c.
      <session-config>
         <session-timeout>An integer value in minutes</session-timeout>
      </session-config>
4.
File-Based Authentication
This method authenticates a user against the user data stored in a file-based repository. This method is not recommended for production purposes.
This section explains the configuration steps to authenticate a user with the credentials stored in a file on the file system. File-based authentication can be defined either in the asg-configui.tra file or in the web.xml file.
Configuring asg-configui.tra File
To configure the authentication process type as FILE, the authentication property file and session timeout in the asg-configui.tra file, do the following:
1. Navigate to the ASG_HOME directory.
2. Open the asg-configui.tra file for editing.
3. Set the following properties. See Authentication Properties table for the description of properties.
   java.property.com.tibco.asg.designtime.configui.ASGAuthProcess=FILE
   java.property.com.tibco.asg.designtime.configui.ASGPropFile=Full path of the user credentials file
   java.property.com.tibco.asg.designtime.configui.ASGSessionTimeOut=Timeout value (An integer in minutes)
4.
Configuring web.xml File
To configure the authentication process type as FILE, the authentication property file and session timeout in the web.xml file, do the following:
1. Navigate to the ASG_HOME/webapp/ASGConfig/WEB-INF directory.
2. Open the web.xml file for editing.
3. Set the following properties. See Authentication Properties table for the description of properties.
   a.
      <init-param>
         <param-name>asgAuthProcess</param-name>
         <param-value>FILE</param-value>
      </init-param>
   b.
      <init-param>
         <param-name>asgAuthPropFile</param-name>
         <param-value>Path to the user credentials file</param-value>
      </init-param>
   c.
      <session-config>
         <session-timeout>An integer value in minutes</session-timeout>
      </session-config>
4.
If the authentication type, the authentication property file, and the session timeout parameters are configured in both the asg-configui.tra and web.xml files, the asg-configui.tra file takes precedence over the web.xml file.
If you want to use the web.xml file for configuring the session timeout, remove the ASGSessionTimeOut property from the asg-configui.tra file.
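The precedence rule above means a web.xml setting can be silently overridden, so it helps to compute which file actually decides each value. The following Python sketch is an added example, not TIBCO code: the function names, the sample paths, and the assumption that a property counts as set whenever it is present in the .tra file are illustrative.

```python
import re
import xml.etree.ElementTree as ET

PREFIX = "java.property.com.tibco.asg.designtime.configui."
# .tra property (after PREFIX) -> web.xml equivalent, as paired on this page
PAIRS = {"ASGAuthProcess": "asgAuthProcess", "ASGPropFile": "asgAuthPropFile",
         "ASGSessionTimeOut": "session-timeout"}

def parse_tra(text):
    """Config UI properties set on uncommented lines of asg-configui.tra."""
    pat = re.compile(r"^[ \t]*" + re.escape(PREFIX) + r"(\w+)[ \t]*=(.*)$", re.M)
    return {name: value.strip() for name, value in pat.findall(text)}

def parse_web_xml(text):
    """init-param values plus the session-timeout from web.xml."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]          # ignore XML namespaces
    vals = {p.findtext("param-name", "").strip(): p.findtext("param-value", "").strip()
            for p in root.iter("init-param")}
    timeout = root.findtext(".//session-timeout")
    if timeout is not None:
        vals["session-timeout"] = timeout.strip()
    return vals

def effective_config(tra_text, web_xml_text):
    """Return ({property: (value, source_file)}, [web.xml settings that are overridden])."""
    # Assumption: present in .tra (even blank) counts as set; remove it to let web.xml apply.
    tra, web = parse_tra(tra_text), parse_web_xml(web_xml_text)
    effective, shadowed = {}, []
    for tra_key, web_key in PAIRS.items():
        if tra_key in tra:
            effective[tra_key] = (tra[tra_key], "asg-configui.tra")
            if web.get(web_key, tra[tra_key]) != tra[tra_key]:
                shadowed.append(web_key)
        elif web_key in web:
            effective[tra_key] = (web[web_key], "web.xml")
    return effective, shadowed

# Constructed sample inputs (paths are placeholders, not the shipped files)
SAMPLE_TRA = """\
java.property.com.tibco.asg.designtime.configui.ASGAuthProcess=FILE
java.property.com.tibco.asg.designtime.configui.ASGPropFile=/opt/asg/mm/config/users.pwd
"""
SAMPLE_WEB_XML = """<web-app><servlet>
<init-param><param-name>asgAuthProcess</param-name><param-value>LDAP</param-value></init-param>
</servlet><session-config><session-timeout>15</session-timeout></session-config></web-app>"""
if __name__ == "__main__":
    print(effective_config(SAMPLE_TRA, SAMPLE_WEB_XML))
```

In the constructed sample, web.xml asks for LDAP but the .tra file selects FILE, so the check reports asgAuthProcess as overridden while the session timeout still comes from web.xml.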
Authentication Property Files
Based on the authentication type, define the property files. The property files are used in the configuration of the authentication process.
If you are using the LDAP server authentication, you should define an LDAP search property file. See LDAP Server Property File for LDAP Server Authentication.
If you are using the FILE-based authentication, define a user credentials file. The user credentials file is a text file containing the usernames and passwords required to log in to the Config UI. See User Credentials File for File-Based Authentication.
LDAP Server Property File for LDAP Server Authentication
The LDAP server property file contains the LDAP search properties to connect to the LDAP server and authenticate the user. Define a property file for the LDAP server authentication.
Sample File
The sample file is located at ASG_HOME/bin/ldapSearch.properties.
LDAP Server Properties Sample File shows the example properties to be defined in the property file for the LDAP server authentication.
Figure 8 LDAP Server Properties Sample File
User Credentials File for File-Based Authentication
In file-based authentication, the credentials of the user are stored in a file. By default, this is the users.pwd file, which contains a list of user names, passwords, and roles. This file is referred to as the password file. The user name, password, and role are separated by the colon (:) character, and each entry must be on a separate line. The user names are used to log in to the Config UI for file-based authentication.
The Config UI does not use the role for the authentication process. The role is required only by the Management and Monitoring server. It is mandatory to define the role in the users.pwd file. Use GUI_USER as the role in the file when defining a user to log in to the Config UI for file-based authentication.
The password in the users.pwd file must be generated using the MD5 (Message-Digest 5) hashing algorithm. For example, refer to http://www.md5hasher.net to generate the password using the MD5 algorithm.
Sample File
The sample file is found as follows:
ASG_HOME/mm/config/users.pwd
Sample Property File for File Authentication shows the example file for file-based authentication.
Figure 9 Sample Property File for File Authentication
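The password field can be produced locally rather than by typing the password into a website, and the finished file can be checked against the format described above. This Python sketch is an added example, not part of the product: the function names are hypothetical, and it assumes the file stores the hex MD5 digest of the UTF-8 password, which the page does not specify.

```python
import hashlib
import re

CONFIG_UI_ROLE = "GUI_USER"                  # role the page prescribes for Config UI users
HEX_MD5 = re.compile(r"[0-9a-fA-F]{32}")

def make_entry(username, password, role=CONFIG_UI_ROLE):
    """Build one username:password:role line without sending the password to a website."""
    if not username or any(c in username for c in ":\r\n"):
        raise ValueError("username must be non-empty and free of ':' and line breaks")
    # Assumption: the file stores the lowercase hex digest of the UTF-8 password bytes.
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    return f"{username}:{digest}:{role}"

def lint_users_pwd(text):
    """Return [(line_number, problem)] for lines that break the format described above."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        if len(fields) != 3:
            problems.append((number, "expected username:password:role"))
            continue
        user, digest, role = fields
        if not user:
            problems.append((number, "user name is empty"))
        if not HEX_MD5.fullmatch(digest):
            problems.append((number, "password field is not an MD5 hex digest"))
        if not role:
            problems.append((number, "role is mandatory"))
    return problems

# Constructed sample: line 2 holds a plain-text password, line 3 has no role field.
SAMPLE = "\n".join([
    make_entry("alice", "password"),
    "bob:hunter2:GUI_USER",
    "carol:" + "0" * 32,
])

if __name__ == "__main__":
    print(SAMPLE)
    print(lint_users_pwd(SAMPLE))
```

An unsalted MD5 digest is cheap to brute-force, so restrict read access to users.pwd to the account that runs the Config UI.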
 
Default Authentication
By default, TIBCO API Exchange Gateway does not authenticate the user against a file or an LDAP server when the user logs in to the Config UI.
When the authentication process property (asgAuthProcess) is blank, the Config UI authenticates the credentials of the user with the values specified by the following parameters in the ASG_HOME/bin/asg-configui.tra file.
If you do not want the user authentication on an LDAP server or in a file, do the following:
1. Open the ASG_HOME/bin/asg-configui.tra file for editing.
2. Set the following property to blank as follows:
   java.property.com.tibco.asg.designtime.configui.ASGAuthProcess=
   (You can also specify the asgAuthProcess parameter as blank in the web.xml file.)
3.
   tibco.env.ASG_ADMIN_USERNAME
(Example, asgadmin)
   tibco.env.ASG_ADMIN_PASSWORD
(Example, asgadmin or an encrypted value)
4.
The password value for the tibco.env.ASG_ADMIN_PASSWORD property can be in plain text or in TIBCO obfuscated form. The password can be obfuscated using the asg-password-obfuscator utility in the ASG_HOME/bin directory.
When the authentication process property (asgAuthProcess) is blank, the Config UI allows only one user to log in, as specified by the tibco.env.ASG_ADMIN_USERNAME parameter. If you want multiple users to log in to the Config UI, you must use the LDAP or FILE-based authentication.
