Log in to Performance Dashboard

Performance Dashboard uses the option provided by the Tomcat Web application server of only allowing access to Web pages managed using contexts after specifying a user name and a valid password.

When a user name and password or password token have been entered, Performance Dashboard establishes a Corba connection to the source system to verify the login. This connection is configured by the login module assigned to the context. All login modules are managed in the central jaas.config file.

The Performance Dashboard setup creates appropriate login modules for all clients that exist in the PPM system.

A login module consists of a particular section of text in the jaas.config file in the form:

<Login module name> {

<Attribute list>

};

The login module configuration is made up of direct entries and properties (key/value pairs). A login module for Performance Dashboard is made up of the following information:

PPMLoginModule_<Name> {

com.idsscheer.ppmweb.common.auth.ZJAASLoginModule

REQUIRED

source="ppm"

debug="false"

connectorclass="com.idsscheer.ppmweb.common.connector.ZPSCBasePPMConnector"

client="..."

strictauthentication="true"

user="..."

corbaurl="..."

password="..."

passwordsencrypted="false";

};

Property

Description

source

Source system type to be used for authentication.

debug

Switch for log output, valid values true, false. The value true results in extended log output for the authentication procedure in the output for the Web application server.

connectorclass

Depends on the value of the source property. Set during installation.

client

Depends on the value of the source property - if PPM is the source system, the PPM client is specified.

user

User that establishes the connection to the source system that is then used to authenticate the specified dashboard user.

password

User password (user).

Setup writes the passwords in encrypted form, but unencrypted passwords are also supported.

The user specified in the login module should not be the same as the user that is used to log into the dashboard. When using PPM you can create a separate user as the connection user for the dashboard. This user does not need function or process access privileges.

Example

During installation, a context with the corresponding login module is created for access to Performance Dashboard for each client in the PPM system. The context name is made up of ppm#APD_<client name> and the login module name from PPMLoginModule_<client name>.

For the English demo scenario umg_en, APD_umg_en is selected as the context name and PPMLoginModule_umg_en as the login module name. The context configuration file ppm#APD_umg_en.xml is created in the conf\catalina\localhost subdirectory of the Tomcat installation with the following semantic content:

<Context path="/APD_umg_en"

docBase="${ppmweb.unpacked.pc2.dir}/webapp"

crossContext="true"

aliases="/WEB-INF/base-config=${ppm.datadir}/webapp/WEB-INF/base-config,

/WEB-INF/config=${ppm.datadir}/webapp/WEB-INF/config,

/WEB-INF/context=${ppm.datadir}/webapp/WEB-INF/context,

/assets/config=${ppm.datadir}/webapp/assets/config

<Realm className = "org.apache.catalina.realm.JAASRealm"

appName = "PPMLoginModule_umg_en"

userClassNames = "com.idsscheer.ppmweb.common.auth.ZJAASUserInfo"

roleClassNames = "com.idsscheer.ppmweb.common.auth.ZJAASRoleInfo"

debug = "99"

/>

<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false"/>

</Context>

The jaas configuration file jaas.config in the directory <PPM installation directory>\server\bin\work\data_ppm\jaas\ contains the following data for the client umg_en.

PPMLoginModule_umg_en {

com.idsscheer.ppmweb.common.auth.ZJAASLoginModule

REQUIRED

source="ppm"

debug="false"

connectorclass="com.idsscheer.ppmweb.common.connector.ZPSCBasePPMConnector"

client="umg_en"

strictauthentication="true"

user="system"

corbaurl="pcapd.company.com:900"

password="#*+[2C6?],€@(¯è [8D?]Õ1R®I’µ`ùZ±Çµ òï=+*#"

passwordsencrypted="false";

};