The authentication in the CentraSite Registry Repository is configured with default settings during installation. You can define additional authentication configurations, and you can change the default configuration to be one of the additional configurations.
The default authentication configuration determines the user repository that will be used to authenticate users who log on to CentraSite. Initially, the default user repository is CentraSite's own user repository, which has the domain name INTERNAL. You might want to define additional configurations that define, for example, an LDAP user repository.
You can view and modify the authentication settings using the command line tool CentraSiteCommand.cmd (Windows) or CentraSiteCommand.sh (UNIX). The tool is located in <CentraSiteInstallDir>/utilities.
The parameters of the command are case-sensitive, so for example the parameter "-url" must be specified as shown and not as "-URL".
To list details of a particular configuration, use a command of the following form:
CentraSiteCommand get Authentication [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> -domain <DOMAIN>
The following table describes the complete set of input parameters that you can use with the get Authentication utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53305/CentraSite/CentraSite or http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-domain | The domain name of the user repository associated with the configuration. |
For example:
CentraSiteCommand get Authentication -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage" -domain "LDAPDomain"
The details are returned as an XML file. The XML file has a root element ino:domain that has the following attributes:
Attribute name | Description |
---|---|
ino:acceptusers | Meaning: This specifies whether to allow access by any user who is correctly authenticated by the authentication service, or to allow access only by users who are explicitly defined in CentraSite. Possible values: "all" - allow access by any user who is correctly authenticated by the authentication service; "defined" (default value) - allow access only to users defined in CentraSite. |
ino:casesensitiveuserids | Meaning: This determines whether or not user names in this domain are case-sensitive. Possible values: true - user IDs in this domain are case-sensitive; false - user IDs are not case-sensitive. |
ino:default | Meaning: This determines whether or not the configuration is the default configuration. Possible values: true - this is the default configuration; false - this is not the default configuration. |
ino:domainid | Meaning: The domain name of the user repository associated with the configuration. |
ino:domaintype | Meaning: The type of user repository associated with the configuration. Typical values: "INTERNAL" (the default domain), a Windows domain name, or an LDAP domain name. |
ino:expire | Meaning: The amount of time (in seconds) that the user is cached in the server after successful authentication. Changes made to the user, e.g. deletion or password changes, do not take effect until this time has elapsed. The default is 120 seconds. This setting is provided for performance reasons. A value of 120 seconds is reasonable. If the connection to the LDAP server is slow, you can increase this figure. |
ino:usegroups | Meaning: This specifies whether to use the external group information from domains; for example, the groups in an Active Directory Server or in an LDAP server. Possible values: true - use external group information; false (default value) - do not use external group information. |
Here is an example of an authentication configuration returned as an XML file:
<ino:domain xmlns:ino="http://namespaces.softwareag.com/tamino/response2" ino:acceptusers="all" ino:casesensitiveuserids="false" ino:default="false" ino:domainid="LDAP" ino:domaintype="ldap" ino:expire="120" ino:usegroups="true">
  <ino:param ino:content="ldap://ldapserver12" ino:name="host"/>
  <ino:param ino:content="10389" ino:name="port"/>
  <ino:param ino:content="ApacheDS" ino:name="ldap_server_type"/>
  <ino:param ino:content="ou=people,ou=RegionNorth,o=WidgetCo" ino:name="ldap_person_dn"/>
  <ino:param ino:content="inetOrgPerson" ino:name="ldap_person_object"/>
  <ino:param ino:content="cn" ino:name="ldap_user_field"/>
  <ino:param ino:content="ou=groups,ou=RegionNorth,o=WidgetCo" ino:name="ldap_group_dn"/>
  <ino:param ino:content="groupOfUniqueNames" ino:name="ldap_group_object"/>
  <ino:param ino:content="uniqueMember" ino:name="ldap_group_person_attribute"/>
  <ino:param ino:content="rd" ino:name="ldap_resolve_groups"/>
  <ino:param ino:content="TRUE" ino:name="useLdapTechUser" />
  <ino:param ino:content="c:\softwareag\centrasite\bin\cred.txt" ino:name="techLdapUserCredFile" />
  <ino:param ino:content="c:\softwareag\centrasite\bin\key.txt" ino:name="techLdapUserKeyFile" />
  <ino:configuration>
    <ino:group>
      <ino:properties>
        <ino:mapping ino:external="description" ino:local="description"/>
      </ino:properties>
    </ino:group>
    <ino:user>
      <ino:properties>
        <ino:mapping ino:local="organization" ino:external="org"/>
        <ino:mapping ino:local="emailAddresses:emailAddress:address" ino:external="mail"/>
        <ino:mapping ino:local="telephoneNumbers:telephoneNumber:number" ino:external="telephoneNumber"/>
        <ino:mapping ino:local="telephoneNumbers:telephoneNumber:countryCode" ino:external="telephoneCode"/>
        <ino:mapping ino:local="telephoneNumbers:telephoneNumber:extension" ino:external="telephoneExt"/>
        <ino:mapping ino:local="telephoneNumbers:telephoneNumber:areaCode" ino:external="telephoneAreaCode"/>
        <ino:mapping ino:local="personName:firstName" ino:external="cn"/>
        <ino:mapping ino:local="description" ino:external="description"/>
        <ino:mapping ino:local="postalAddresses:postalAddress:postalCode:" ino:external="postalcode"/>
        <ino:mapping ino:local="postalAddresses:postalAddress:city:" ino:external="postalcity"/>
        <ino:mapping ino:local="postalAddresses:postalAddress:stateOrProvince" ino:external="stateorprovince"/>
        <ino:mapping ino:local="postalAddresses:postalAddress:country" ino:external="countrycode"/>
        <ino:mapping ino:local="URL" ino:external="E-mail"/>
      </ino:properties>
    </ino:user>
  </ino:configuration>
</ino:domain>
For details of the meaning of fields that are required for the configuration, see the document Authentication Topics and LDAP.
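The following added example (not part of the CentraSite documentation) reviews an ino:domain document returned by get Authentication against the attribute meanings in the table above. The function name, the finding texts and the `max_expire` threshold are assumptions made for this example, as are the readings of the `host` scheme and the two `techLdapUser...File` parameters, which the page shows but does not explain.

```python
import xml.etree.ElementTree as ET

INO = "http://namespaces.softwareag.com/tamino/response2"  # namespace used in the sample above

# Constructed input: a shortened copy of the sample configuration shown above.
SAMPLE = r"""<ino:domain xmlns:ino="http://namespaces.softwareag.com/tamino/response2"
    ino:acceptusers="all" ino:casesensitiveuserids="false" ino:default="false"
    ino:domainid="LDAP" ino:domaintype="ldap" ino:expire="120" ino:usegroups="true">
  <ino:param ino:content="ldap://ldapserver12" ino:name="host"/>
  <ino:param ino:content="TRUE" ino:name="useLdapTechUser"/>
  <ino:param ino:content="c:\softwareag\centrasite\bin\cred.txt" ino:name="techLdapUserCredFile"/>
  <ino:param ino:content="c:\softwareag\centrasite\bin\key.txt" ino:name="techLdapUserKeyFile"/>
</ino:domain>"""


def q(name):
    """Qualify a local name with the ino namespace, as ElementTree stores it."""
    return "{%s}%s" % (INO, name)


def audit_domain(xml_text, max_expire=120):
    """Return (setting, finding) pairs for one ino:domain document."""
    root = ET.fromstring(xml_text)
    if root.tag != q("domain"):
        raise ValueError("root element is not ino:domain")
    params = {p.get(q("name")): p.get(q("content")) for p in root.iter(q("param"))}
    findings = []
    # Defaults from the attribute table: acceptusers="defined", expire=120.
    if root.get(q("acceptusers"), "defined") == "all":
        findings.append(("ino:acceptusers", "admits any user the directory authenticates"))
    expire = int(root.get(q("expire"), "120"))
    if expire > max_expire:
        findings.append(("ino:expire", "deletions/password changes lag by %d s" % expire))
    # Assumption: ldap:// means no TLS from the URL scheme; the page does not
    # say whether the connection is protected some other way.
    if (params.get("host") or "").lower().startswith("ldap://"):
        findings.append(("host", "ldap:// URL, check transport protection"))
    # Assumption: these two parameters name files holding the technical
    # user's credentials and key; the page shows them but does not explain them.
    for name in ("techLdapUserCredFile", "techLdapUserKeyFile"):
        if params.get(name):
            findings.append((name, "restrict file access: " + params[name]))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_domain(SAMPLE):
        print(setting, "-", finding)
```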
To set the default configuration, use a command of the following form:
CentraSiteCommand set DefaultDomain [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> -domain <DOMAIN>
The following table describes the complete set of input parameters that you can use with the set DefaultDomain utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-domain | The domain name of the user repository associated with the configuration. |
For example:
CentraSiteCommand set DefaultDomain -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage" -domain "LDAPdomain"
An authentication configuration containing the specified domain must already exist in CentraSite.
You can add a configuration by using one of the following methods:
specifying a configuration file containing a complete configuration as input to CentraSiteCommand
using CentraSiteCommand's interactive wizard
specifying an LDAP domain name
Tip:
For the meaning of fields that are required for the configuration, see the document Authentication Topics and LDAP.
To add a configuration using a configuration file, use a command of the following form:
CentraSiteCommand set Authentication [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> -file <CONFIG-FILE>
The following table describes the complete set of input parameters that you can use with the set Authentication utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-file | The URI (file: or http:) of the configuration file. |
For example:
CentraSiteCommand set Authentication -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage" -file "config.xml"
To create the XML configuration file, you can use the get Authentication utility described above to retrieve an existing configuration as an XML file, then modify the entries as required.
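As an added example (not part of the CentraSite documentation), the retrieve-then-modify step can be scripted so that the result stays well-formed and keeps the ino: prefix. The function name, the new domain ID and the replacement values are assumptions for this example, as is the choice to reset ino:default and ino:acceptusers in the derived file.

```python
import xml.etree.ElementTree as ET

INO = "http://namespaces.softwareag.com/tamino/response2"
# Without this registration ElementTree serialises the prefix as "ns0:" instead of "ino:".
ET.register_namespace("ino", INO)

# Constructed input standing in for XML saved from "get Authentication".
TEMPLATE = """<ino:domain xmlns:ino="http://namespaces.softwareag.com/tamino/response2"
    ino:acceptusers="all" ino:casesensitiveuserids="false" ino:default="false"
    ino:domainid="LDAP" ino:domaintype="ldap" ino:expire="120" ino:usegroups="true">
  <ino:param ino:content="ldap://ldapserver12" ino:name="host"/>
  <ino:param ino:content="10389" ino:name="port"/>
  <ino:param ino:content="ou=people,ou=RegionNorth,o=WidgetCo" ino:name="ldap_person_dn"/>
</ino:domain>"""


def a(name):
    """Qualify a local name with the ino namespace."""
    return "{%s}%s" % (INO, name)


def derive_config(xml_text, domain_id, new_params):
    """Copy a retrieved configuration, rename the domain, replace named ino:param values."""
    root = ET.fromstring(xml_text)
    if root.tag != a("domain"):
        raise ValueError("root element is not ino:domain")
    root.set(a("domainid"), domain_id)
    root.set(a("default"), "false")        # the default is chosen separately with set DefaultDomain
    root.set(a("acceptusers"), "defined")  # documented default: only users defined in CentraSite
    pending = dict(new_params)
    for param in root.iter(a("param")):
        name = param.get(a("name"))
        if name in pending:
            param.set(a("content"), pending.pop(name))
    if pending:  # a requested change had no matching ino:param in the template
        raise ValueError("template has no ino:param named: " + ", ".join(sorted(pending)))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed values for the new domain.
    print(derive_config(TEMPLATE, "LDAP2", {"host": "ldap://ldapserver34"}))
```

The returned string can be saved as the file passed to -file in the set Authentication command.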
To add a configuration using CentraSiteCommand's interactive wizard, use a command of the following form:
CentraSiteCommand set Authentication [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD>
The following table describes the complete set of input parameters that you can use with the set Authentication utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-file | The URI (file: or http:) of the configuration file. |
For example:
CentraSiteCommand set Authentication -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage"
Follow the steps in the wizard to define the LDAP configuration. The wizard takes you through a set of dialogs in order to define the following information:
Basic LDAP Host configuration
User configuration
User information mapping
Group configuration
Group information mapping
Group resolution configuration
The domain ID of the configuration
Tip:
For the meaning of fields that are required for the configuration, see the document Authentication Topics and LDAP.
To add a configuration using an LDAP domain name, use a command of the following form:
CentraSiteCommand set Authentication [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> [-domain <DOMAIN>]
The following table describes the complete set of input parameters that you can use with the set Authentication utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-domain | The domain name of the user repository associated with the configuration. |
For example:
CentraSiteCommand set Authentication -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage" -domain LDAPdomain
To modify a configuration, use a command of the following form:
CentraSiteCommand set Authentication [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> [-domain <DOMAIN>]
The following table describes the complete set of input parameters that you can use with the set Authentication utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-domain | The domain name of the user repository associated with the configuration. |
For example:
CentraSiteCommand set Authentication -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage" -domain LDAPdomain
This command invokes a command line wizard that runs through the same steps as the wizard for adding a configuration. The wizard displays the stored values for the configuration's fields and allows you to enter new values if required.
To remove a configuration, use a command of the following form:
CentraSiteCommand remove Authentication [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> -domain <DOMAIN>
The following table describes the complete set of input parameters that you can use with the remove Authentication utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-domain | The domain name of the user repository associated with the configuration. |
For example:
CentraSiteCommand remove Authentication -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage" -domain "LDAPdomain"
You cannot remove the pre-installed domain "INTERNAL".
You also cannot remove a configuration that is the current default configuration. If you want to delete such a configuration, you must first change the default configuration to another configuration.
You can use a validation command to check whether the configuration is set up correctly and can be used to log in. To validate the domain, you must additionally specify a domain user name and password.
To validate a configuration, use a command of the following form:
CentraSiteCommand validate Authentication [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD> -domain <DOMAIN>
The following table describes the complete set of input parameters that you can use with the validate Authentication utility:
Parameter | Description |
---|---|
-url | The fully qualified URL (http://localhost:53307/CentraSite/CentraSite) for the CentraSite registry/repository. |
-user | The user ID of a user who has the "CentraSite Administrator" role. |
-password | The password of the user identified by the parameter "-user". |
-domain | The domain name of the user repository associated with the configuration. |
For example:
CentraSiteCommand validate Authentication -url "http://localhost:53307/CentraSite/CentraSite" -user "Administrator" -password "manage" -domain "domain"