When using AuthLink authentication, you need to prepare your server environment to include authentication properties and secured connections.

Note: If you have an on-premise installation, verify that the Authentication Link application has been properly set up. For details, refer to Setting Up the Authentication Link in the Jacada Interact Installation Guide.

Contact Jacada Support (support@jacada.com) for assistance in configuration, if needed.

To successfully use AuthLink authentication, customers with cloud accounts (i.e., no on-premise installation of Jacada Interact) need to have one dedicated local Tomcat server to run the authlink.war (a file provided by Jacada). This server, called the authlink server, must:

  • be able to connect to your authentication server, and
  • be exposed to Jacada's Interact servers, i.e., the Interact servers need to be able to reach it via HTTP or HTTPS (recommended).

Cloud setup for AuthLink authentication includes the following steps:

  1. Set up the authlink.war on your local server.
  2. Configure the properties in the authentication.properties file (explained in the section below).
  3. In the Jacada Interact Admin Console, configure the settings of the relevant application(s) to use the authlink for authentication by providing the public URL of your authlink server. For more details, refer to Configuring Application Settings.

Configuring AuthLink Properties for LDAP

Note: Interact also enables direct LDAP authentication, without using AuthLink. For more information, see Configuring LDAP Authentication.

The authentication.properties file is a configuration file for LDAP server settings. This file is provided with Interact out-of-the-box as part of the distribution package.

Properties related to LDAP server settings are listed in the following table. Each property needs to be configured according to your LDAP settings and directory structure.

Some of the properties map between your User groups and Jacada Interact Roles. For details about the different roles and associated privileges, refer to Roles and Permissions.

| Property | Description | Example |
|---|---|---|
| ldap.url | The URL for the LDAP server. It can be split into host, port, and scheme. | ldap://10.90.17.46:389 |
| ldap.base | The LDAP root from which all searches are started. | dc=devdomain,dc=develop,dc=com |
| ldap.user | The full DN of the Admin user used for LDAP connectivity. This user is never exposed to the Interaction Server. | cn=interact,cn=Users,dc=devdomain,dc=develop,dc=com |
| ldap.password | Password of the Admin user. When the application starts, the value of this property is encrypted by the server. The password is thus never exposed to the Interaction Server. | |
| ldap.password.encrypted | This flag specifies whether the ldap.password is clear text or encrypted. Initially the value should be false. When the application starts, the server encrypts the value of ldap.password and saves the encrypted value back to the properties file. The value of the ldap.password.encrypted property is then set to true. For details about how to change the password, refer to the procedure below the table. | |
| ldap.user.loginAttribute | This property is used to bind users during authentication. To allow users to log in using different properties, a comma-separated list of values can be used. | uid, sAMAccountName |
| ldap.user.objectClass | Name of the object class that identifies a user. | person |
| ldap.user.memberOf.attribute | This property is used to identify group memberships of users. | memberOf |
| ldap.group.name.attribute | Identifies a group name. | cn |
| ldap.group.memberOf.attribute | This property is used to identify group memberships of groups. | memberOf |
| ldap.group.search.depth | Defines the number of levels (up the group hierarchy) that are searched when a search for group membership is done. When the value is set to 0, the search is done only on the groups to which the user directly belongs. | 3 |
| ldap.admin.groups | A comma-separated list of Admin group names. Users belonging to any of these groups will have Account Admin privileges in the Jacada Interact Admin Console. | Administrators.group2,group3 |
| ldap.sysadmin.groups | A comma-separated list of System Admin group names. Users belonging to any of these groups will have System Admin privileges in the Jacada Interact Admin Console. | sysadmin.group1 |
| ldap.agent.groups | A comma-separated list of Agent group names. Users belonging to any of these groups will have Agent privileges in the Jacada Interact Admin Console. | Agents.group4 |
| ldap.intadmin.groups | A comma-separated list of Interaction Admin group names. Users belonging to any of these groups will have Interaction Admin privileges in the Jacada Interact Admin Console. | Agents.group5 |
| ldap.designer.groups | A comma-separated list of Designer group names. Users belonging to any of these groups will have Designer privileges in the Jacada Interact Admin Console. | Designers.group6 |
| token.timeout | The time period (in minutes) for which the access token provided by the Authentication Link server is valid. | |

The following example shows sample content of the authentication.properties file:

#LDAP Properties
#Tue Mar 08 10:43:29 EST 2016
ldap.admin.groups=Administrators
ldap.group.search.depth=3
ldap.user=cn\=interact, cn\=Users,dc\=devdomain,dc\=develop,dc\=com
ldap.agent.groups=Administrators
ldap.user.loginAttribute=cn,uid,sAMAccountName
ldap.user.memberOf.attribute=memberOf
ldap.group.name.attribute=cn
ldap.sysadmin.groups=Administrators
ldap.intadmin.groups=Administrators
ldap.password.encrypted=true
ldap.user.objectClass=person
ldap.password=Hca72ROiW_RCA0itgXlKkg
ldap.group.memberOf.attribute=memberOf
ldap.base=dc\=devdomain,dc\=develop,dc\=com
ldap.url=ldap\://10.90.17.46\:389
ldap.designer.groups=Administrators
#Token Service Properties
#Tue Mar 08 10:43:29 EST 2016
token.timeout=600

Changing a Password

  1. Set the ldap.password.encrypted property to false.
  2. Set the ldap.password property to the value of the new password (in clear text).
  3. Restart the server. The application encrypts the new password, and writes the value back to the properties file.

Using an SSL Connection

Jacada Interact supports an SSL connection to the LDAP server, using ldaps.

  1. Set the ldap.url property to use SSL. For example, ldap.url = ldaps://10.90.17.46:636.
  2. Export the LDAP server certificate, and import it to your Tomcat's JVM.
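
The following Python script is an added example, not part of the Jacada documentation or product. It audits an authentication.properties file for the settings covered in the property table, Changing a Password, and Using an SSL Connection: a non-ldaps URL, a clear-text ldap.password awaiting encryption, one group mapped to several roles, and a long token.timeout. The sample file is constructed, the parser handles only simple key=value lines, and the 60-minute limit and the multi-role check are assumed local policy rather than Jacada requirements.

```python
import re

# Constructed sample, in the escaped on-disk form the page's example file uses.
SAMPLE = r"""
ldap.url=ldap\://10.90.17.46\:389
ldap.user=cn\=interact,cn\=Users,dc\=devdomain,dc\=develop,dc\=com
ldap.password.encrypted=false
ldap.password=ExamplePlaintext1
ldap.admin.groups=Administrators
ldap.sysadmin.groups=Administrators
ldap.agent.groups=Administrators,Agents
token.timeout=600
"""
ROLE_KEYS = ("ldap.admin.groups", "ldap.sysadmin.groups", "ldap.agent.groups",
             "ldap.intadmin.groups", "ldap.designer.groups")

def _unescape(s):
    # Undo .properties backslash escapes such as "\:" and "\=".
    return re.sub(r"\\(.)", r"\1", s.strip())

def parse_properties(text):
    # Simplified parser: one key=value per line, no line continuations.
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#!":
            continue
        # Split at the first separator that is not backslash-escaped.
        parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1)
        props[_unescape(parts[0])] = _unescape(parts[1]) if len(parts) > 1 else ""
    return props

def audit(props, max_token_minutes=60):
    # max_token_minutes is an assumed local policy value, not a Jacada default.
    findings = []
    if not props.get("ldap.url", "").lower().startswith("ldaps://"):
        findings.append("ldap.url is not ldaps://: LDAP binds are sent without TLS")
    if props.get("ldap.password") and props.get("ldap.password.encrypted", "false").lower() != "true":
        findings.append("ldap.password is clear text on disk until the server restarts")
    seen = {}
    for key in ROLE_KEYS:
        for group in filter(None, (g.strip() for g in props.get(key, "").split(","))):
            seen.setdefault(group, []).append(key)
    for group, keys in sorted(seen.items()):
        if len(keys) > 1:
            findings.append(f"group '{group}' maps to {len(keys)} roles: {', '.join(keys)}")
    timeout = props.get("token.timeout", "")
    if timeout.isdigit() and int(timeout) > max_token_minutes:
        findings.append(f"token.timeout={timeout} min exceeds policy of {max_token_minutes} min")
    return findings
```

Run audit(parse_properties(open(path).read())) against the file on the authlink server after each restart; a clear-text password finding that persists after a restart means the server did not write the encrypted value back.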
