Using Active Directory Authentication
To configure the Web Author Administration page to use authentication from an Active Directory server:
-
Edit the shiro.ini file located in the following location depending on your type of distribution:
- WAR distribution: WEB-INF/shiro.ini
- Windows/Linux/All Platforms: tomcat/webapps/oxygen-xml-web-author/WEB-INF/shiro.ini
- Disable the default user password authentication configuration by
deleting the lines between "Start user-password admin auth config" and "End
user-password admin auth
config":
# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # Start user-password admin auth config: usersFileRealm = ro.sync.adminauth.userpassword.UserPasswordAdminRealm passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher passwordService = ro.sync.adminauth.userpassword.PlainAndHashedPasswordService hashFormatFactory = ro.sync.adminauth.userpassword.PlainHashFormatFactory passwordService.hashFormatFactory = $hashFormatFactory passwordMatcher.passwordService = $passwordService usersFileRealm.credentialsMatcher = $passwordMatcher securityManager.realms = $usersFileRealm authc = ro.sync.adminauth.userpassword.UserPasswordFormAuthFilter authc.loginUrl = /admin-login # End user-password admin auth config. # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - Uncomment the Active Directory authentication configuration by
deleting leading "#" characters, for
example:
# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # Start Active Directory admin auth config: # activeDirectoryRealm = ro.sync.adminauth.ad.ActiveDirectoryRealm activeDirectoryRealm.url=ldap://<server-address>:389 activeDirectoryRealm.principalSuffix=@my-company.ro activeDirectoryRealm.searchBase=CN=Users,DC=mycompany,DC=com activeDirectoryRealm.groupRolesMap="CN=Web Author Admins,DC=mycompany,DC=com":"admin" # activeDirectoryRealm.systemUsername=<user> activeDirectoryRealm.systemPassword=*** # securityManager.realms = $activeDirectoryRealm # authc = ro.sync.adminauth.userpassword.UserPasswordFormAuthFilter authc.loginUrl = /admin-login # # # End Active Directory admin auth config. # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -
Configure it according to your Active Directory server, where:
principalSuffixis usually the mail domain so that you do not have to enter it in the login form.CN=Users,DC=mycompany,DC=rois a query used to search for the user.CN=Web Author Admins,DC=mycompany,DC=rois the group that will have access to the Web Author Administration page.
Note:
The embedded license server does not support Active Directory authentication. The admin
user for that license server is the one configured during the installation procedure.