The following sections explain how to configure your environment to support AuthLink authentication. Preparing your environment includes configuring authentication properties and configuring a secured connection. It is recommended to contact Jacada Support (support@jacada.com) for assistance in performing this configuration. 

Note: If you have an on-premise installation, verify that the Authentication Link application has been properly set up. For details, refer to the Jacada Interact Installation Guide (Setting Up the Authentication Link).

To successfully use AuthLink authentication, customers with cloud accounts (i.e., no on-premise installation of Jacada Interact) need to have one dedicated local Tomcat server to run the authlink.war (a file provided by Jacada). This server, which is known as the authlink server, must:

  • be able to connect to your LDAP server.
  • be exposed to Jacada's Interact servers, i.e., the Interact servers need to be able to reach it via HTTP or HTTPS (recommended).

Setting up AuthLink authentication for cloud accounts involves the following steps:

1. Set up the authlink.war on your local server.

2. Configure the properties in the authentication.properties file (explained in the section below).

3. In the Jacada Interact Admin Console, configure the settings of the relevant application(s) to use the authlink for authentication by providing the public URL of your authlink server. For more details, refer to Configuring Application Settings.

Configuring Authentication Properties

The authentication.properties file is a configuration file for the LDAP server settings. This file is provided as part of the distribution package.

The properties related to LDAP server settings are listed in the following table. Each property needs to be configured according to your LDAP settings and directory structure.

Some of the properties involve mapping between your user groups and Jacada Interact roles. For details about the different roles and associated privileges, refer to Roles and Permissions.

| Property | Description/Notes | Example |
|---|---|---|
| ldap.url | The URL for the LDAP server. It can be split into scheme, host, and port. | ldap://10.90.17.46:389 |
| ldap.base | The LDAP root from which all searches are started. | dc=devdomain,dc=develop,dc=com |
| ldap.user | The full DN of the Admin user used for LDAP connectivity. This user is never exposed to the Interaction Server. | cn=interact,cn=Users,dc=devdomain,dc=develop,dc=com |
| ldap.password | Password of the Admin user. When the application starts, the value of this property is encrypted by the server. The password is thus never exposed to the Interaction Server. | |
| ldap.password.encrypted | This flag specifies whether ldap.password is clear text or encrypted. Initially the value should be false. When the application starts, the server encrypts the value of ldap.password and saves the encrypted value back to the properties file. The value of the ldap.password.encrypted property is then set to true. For details about how to change the password, refer to the procedure below the table. | |
| ldap.user.loginAttribute | This property is used to bind users during authentication. To allow users to log in using different properties, a comma-separated list of values can be used. | uid, sAMAccountName |
| ldap.user.objectClass | Name of the object class that identifies a user. | person |
| ldap.user.memberOf.attribute | This property is used to identify group memberships of users. | memberOf |
| ldap.group.name.attribute | Identifies a group name. | cn |
| ldap.group.memberOf.attribute | This property is used to identify group memberships of groups. | memberOf |
| ldap.group.search.depth | Defines the number of levels (up the group hierarchy) that are searched when a search for group membership is done. When the value is set to 0, the search is done only on the groups to which the user directly belongs. | 3 |
| ldap.admin.groups | A comma-separated list of Admin group names. Users belonging to any of these groups will have Account Admin privileges in the Jacada Interact Admin Console. | Administrators.group2,group3 |
| ldap.sysadmin.groups | A comma-separated list of System Admin group names. Users belonging to any of these groups will have System Admin privileges in the Jacada Interact Admin Console. | sysadmin.group1 |
| ldap.agent.groups | A comma-separated list of Agent group names. Users belonging to any of these groups will have Agent privileges in the Jacada Interact Admin Console. | Agents.group4 |
| ldap.intadmin.groups | A comma-separated list of Interaction Admin group names. Users belonging to any of these groups will have Interaction Admin privileges in the Jacada Interact Admin Console. | Agents.group5 |
| ldap.designer.groups | A comma-separated list of Designer group names. Users belonging to any of these groups will have Designer privileges in the Jacada Interact Admin Console. | Designers.group6 |
| token.timeout | The time period (in minutes) for which the access token provided by the Authentication Link server is valid. | |
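
The effect of ldap.group.search.depth on which role-mapping properties match a user can be seen in the following sketch. It is an added example, not Jacada code: it assumes group membership is resolved by following memberOf values level by level, and the user, groups, and mappings are constructed for illustration.

```python
# Constructed directory data; every user and group name here is hypothetical.
USER_GROUPS = {"jdoe": ["HelpdeskTier1"]}       # memberOf values on the user entry
GROUP_PARENTS = {                               # memberOf values on each group entry
    "HelpdeskTier1": ["Agents"],
    "Agents": ["Staff"],
    "Staff": ["Administrators"],
    "Administrators": ["Staff"],                # cycle: traversal must still terminate
}
ROLE_GROUPS = {                                 # constructed role-mapping settings
    "ldap.agent.groups": {"Agents"},
    "ldap.admin.groups": {"Administrators"},
}

def effective_groups(user, depth):
    """Direct groups of the user plus up to `depth` levels of parent groups.

    depth=0 returns only the groups the user directly belongs to, matching
    the description of ldap.group.search.depth in the table.
    """
    seen = set(USER_GROUPS.get(user, []))
    frontier = set(seen)
    for _ in range(depth):
        # Move one level up the hierarchy, skipping groups already visited.
        frontier = {p for g in frontier for p in GROUP_PARENTS.get(g, [])} - seen
        if not frontier:
            break
        seen |= frontier
    return seen

def roles_for(user, depth):
    """Names of the role-mapping properties that match the user at this depth."""
    groups = effective_groups(user, depth)
    return sorted(prop for prop, names in ROLE_GROUPS.items() if groups & names)

if __name__ == "__main__":
    for depth in (0, 1, 3):
        print(depth, roles_for("jdoe", depth))
```

With this data the same user matches no role at depth 0, the Agent mapping at depth 1, and the Account Admin mapping at depth 3, so the depth value should be reviewed together with how groups are nested in the directory.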

The following example shows sample content of the authentication.properties file:

#LDAP Properties
#Tue Mar 08 10:43:29 EST 2016
ldap.admin.groups=Administrators
ldap.group.search.depth=3
ldap.user=cn\=interact, cn\=Users,dc\=devdomain,dc\=develop,dc\=com
ldap.agent.groups=Administrators
ldap.user.loginAttribute=cn,uid,sAMAccountName
ldap.user.memberOf.attribute=memberOf
ldap.group.name.attribute=cn
ldap.sysadmin.groups=Administrators
ldap.intadmin.groups=Administrators
ldap.password.encrypted=true
ldap.user.objectClass=person
ldap.password=Hca72ROiW_RCA0itgXlKkg
ldap.group.memberOf.attribute=memberOf
ldap.base=dc\=devdomain,dc\=develop,dc\=com
ldap.url=ldap\://10.90.17.46\:389
ldap.designer.groups=Administrators
#Token Service Properties
#Tue Mar 08 10:43:29 EST 2016
token.timeout=600

To change the password:

  1. Set the ldap.password.encrypted property to false.
  2. Set the ldap.password property to the value of the new password (in clear text).
  3. Restart the server.
    The application encrypts the new password, and writes the value back to the properties file.

Configuring a Secured Connection

Jacada Interact supports an SSL connection to the LDAP server, using ldaps.

To configure a secured connection:

  1. Set the ldap.url property to use SSL. For example, ldap.url = ldaps://10.90.17.46:636.
  2. Export the LDAP server certificate, and import it to your Tomcat's JVM.
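
The settings described on this page can be checked after deployment with a small audit of authentication.properties. The script below is an added example, not part of the Jacada distribution: it parses the escaped key/value format shown in the sample file and reports a non-ldaps URL and a password that is still in clear text. The role-overlap check is a least-privilege heuristic assumed for this example, and the sample content is constructed.

```python
import re

# Constructed sample in the page's format: plain ldap:// and a clear-text password.
SAMPLE = r"""#LDAP Properties
ldap.url=ldap\://10.90.17.46\:389
ldap.password=constructed-clear-text
ldap.password.encrypted=false
ldap.sysadmin.groups=Administrators
ldap.agent.groups=Administrators, Agents
"""

def unescape(s):
    """Drop the backslash from escaped characters such as '\\=' and '\\:'."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_properties(text):
    """Parse the .properties subset this file uses: '#' comments,
    key=value pairs, and backslash-escaped '=' and ':' characters."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        # Split on the first '=' or ':' that is not backslash-escaped.
        parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1)
        key, value = parts[0], parts[1] if len(parts) > 1 else ""
        props[unescape(key.strip())] = unescape(value.strip())
    return props

def audit(props):
    """Return findings tied to the settings the page documents."""
    findings = []
    if not props.get("ldap.url", "").lower().startswith("ldaps://"):
        findings.append("ldap.url: not ldaps://, LDAP binds are sent unencrypted")
    encrypted = props.get("ldap.password.encrypted", "false").lower() == "true"
    if props.get("ldap.password") and not encrypted:
        findings.append("ldap.password: clear text on disk until the server restarts")
    # Heuristic assumed by this example: a System Admin group mapped to other roles.
    roles = {}
    for key, value in props.items():
        m = re.fullmatch(r"ldap\.(\w+)\.groups", key)
        if m:
            for group in filter(None, map(str.strip, value.split(","))):
                roles.setdefault(group, set()).add(m.group(1))
    for group, mapped in sorted(roles.items()):
        others = sorted(mapped - {"sysadmin"})
        if "sysadmin" in mapped and others:
            findings.append(f"{group}: sysadmin group also mapped to {others}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```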
