
What’s New In Transact 4.5?


Installer | PKI Authentication Support

Previously, Ephesoft Transact had to be configured manually for PIV/CAC authentication: the user had to configure and map the server and client certificates after the system had been installed.

The installer of Ephesoft Transact v.4.5.0.0 has been enhanced to support importing PIV/CAC certificates. You can now select the PKI authentication type and import your PIV/CAC certificates at installation time. All provided data is saved, updated, and mapped automatically in the following files:

  • server.xml (<Ephesoft Transact Installation Directory>\JavaAppServer\conf)
  • web.xml (<Ephesoft Transact Installation Directory>\JavaAppServer\conf)
  • dcma-user.connectivity.properties (<Ephesoft Installation Directory>\Application\WEB-INF\classes\META-INF\dcma-user-connectivity)
  • dcma-batch.properties (<Ephesoft Transact Installation Directory>\Application\WEB-INF\classes\META-INF\dcma-batch)
  • config.properties (included in Ephesoft Transact installation package)

The imported certificates will be stored in the Certs folder of Ephesoft Transact installation directory.


In addition to that, the Ephesoft Transact installer provides an option to select a PKI-config.properties file for auto-filling required fields for PIV/CAC configuration. You can provide PIV/CAC details in the properties file and then simply specify the file location during Transact installation. All required details will be picked up by the system from the properties file automatically.

Note: Ephesoft Transact 4.5.0.0 Installer is shipped as a zip file. To install the application, you need to unzip it, and then run the installer.

 

PKI Authentication Configuration in Ephesoft Transact installer for Windows:

PKI Authentication Configuration in Ephesoft Transact installer for Linux:

 

To configure PKI Authentication during Ephesoft Transact installation on Windows:

1. Start the installation process by running the Ephesoft 4.5.0.0 Windows Installer.


2. Follow the installation process till you reach the Authentication Mode step.


3. Select PKI Authentication to import your PIV/CAC certificates.


4. At this step, you can either provide the path to the file with PIV/CAC configurations or enter all required PIV/CAC authentication details using the Setup Wizard. In this case, let’s select the second option by clicking Next.

5. Now, provide Certificate details for PKI, and click Next to continue.


Configurable property: Description
Server Cert: Certificate that will be used to recognize your server
Password: Password for Server Certificate
CA Cert: Certificate that will be used to recognize the certification authority
Password: Password for CA Certificate
Alias Name: The name of your server certificate as specified in the Trusted Root Certification Authorities folder of the Windows Certificate Manager

 

6. In the Realm Setting for PKI section, provide the details about the realm you have configured for using PKI authentication. Hover over the text field to get more information on each parameter.

Click Next to continue.


Configurable property: Description
Connection URL: A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Connection Name: A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server).
Connection Password: A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server).
User Base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
User Search: A search string for searching users.
Role Base: The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
Role Name: Role name defines which attribute is used for a role.
Role Search: A search string for searching roles.
User Subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
Role Subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

 

7. Fill in the Connector Settings for PKI section. Click Next to continue.


Configurable property: Description
Port: Number of the PKI Connector port
SSL protocol: Protocol that will be used to secure connection between the client and the server
SSL Enable Protocol: The supported versions of selected protocol
Chipper text: The algorithm of encryption that will be used between the client and the server

 

8. Provide details related to the user connectivity (the domain, to which the system will connect to get information about the user holding the client certificate).

Click Next to continue.


  • For LDAP, configure the following details. You can hover over the text field to get more information on each parameter.
Configurable property: Description
Connectivity URL: A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Domain Name: The domain component name for the LDAP configuration.
Domain Organization: The domain component organization name for the LDAP configuration.
User Name: A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server).
Password: A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server).
Group Search Filter: A search string for searching groups.
User Search Filter: A search string for searching users.
Ldap User Base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
Ldap Group Base: The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user.

 

  • For Active Directory, configure the following details. You can hover over the text field to get more information on each parameter.

Configurable property: Description
Connectivity URL: A valid URL to connect to LDAP server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Domain Name: The domain component name for the LDAP configuration.
Domain Organization: The domain component organization name for the LDAP configuration.
User Name: A valid username to connect and access LDAP server (the username of the user responsible for interacting with the server).
Password: A valid password to connect and access LDAP server (the password of the user responsible for interacting with the server).
Group Search Filter: A search string for searching groups.
User Search Filter: A search string for searching users.
AD Context Path: The directory path where the intended user resides. This parameter is optional and can be left empty.
AD Group Search Filter: This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty.

This completes the process of PIV/CAC certificates import.

9. Proceed with the installation process.

 

To configure PKI Authentication for Ephesoft Transact installation using the config.properties file:

1. Open the config.properties file included in the Ephesoft Transact v.4.5.0.0 installer.


Note: You can either provide the details in the config.properties file or copy PIV/CAC configuration section and save it in a separate PIV/CAC configurations file (e.g. PKI-config.properties file).

2. Configure the details required for PIV/CAC certificates import during installation.

Note: Connectivity details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.

  • Authentication Mode Configuration
Configurable property Description
pivcac_selected_mode The type of authentication mode you want to use.

  • 0 for Form Authentication
  • 1 for PKI Authentication

 

  • PIV/CAC Certificates Details
Configurable property Description
pivcac_server_cert_path Certificate that will be used to recognize your server.
pivcac_server_cert_password Password for Server Certificate.
pivcac_ca_cert_path Certificate that will be used to recognize the certification authority.
pivcac_ca_cert_password Password for CA Certificate.

 

  • PIV/CAC Realm Configuration
Configurable property Description
pivcac_realm_connection_url A valid URL to connect to LDAP /Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
pivcac_realm_connection_name A valid username to connect and access LDAP /Active Directory server (the username of the user responsible for interacting with the server).
pivcac_realm_connection_password A valid password to connect and access LDAP/ Active Directory server (the password of the user responsible for interacting with the server).
pivcac_realm_user_base The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
pivcac_realm_user_search A search string for searching users.
pivcac_realm_role_base The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
pivcac_realm_role_name Role name defines which attribute is used for a role.
pivcac_realm_role_search A search string for searching roles.
pivcac_realm_userSubtree This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
pivcac_realm_roleSubtree This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

 

  • Connector Settings for PIV/CAC Configuration
Configurable property Description
pivcac_Connector_port Number of the PKI Connector port.
pivcac_Connector_client_auth True if the client certificate is used for authentication, otherwise false. If a server is enabled with client certificate authentication, only users who attempt to connect from clients loaded with the right client certificates will succeed. Even if a legitimate user attempts to connect with the right username and password, but is not using a client application loaded with the right client certificate, that user will not be granted access.
pivcac_Connector_compression True if the compression algorithm is used to compress the data, otherwise false.
pivcac_Connector_ssl_enabled True if the SSL protocol is used to encrypt the connection between the client and the server. False if the connection is not encrypted.
pivcac_Connector_secure True if communication between the client and the server is secure, otherwise false.
pivcac_Connector_ssl_protocol Protocol that will be used to secure connection between the client and the server.
pivcac_Connector_trust_store_file_path Location of the truststore file (cacert.jks).
pivcac_Connector_trust_store_password Password for the truststore file (cacert.jks).
pivcac_Connector_key_store_file_path Location of the keystore file (servercert.jks).
pivcac_Connector_key_store_password Password for the keystore file (servercert.jks).
pivcac_Connector_ssl_enabled_protocol The supported versions of selected protocol.
pivcac_Connector_ciphers_text The algorithm of encryption that will be used between the client and the server.

 

  • Connectivity User Configuration
Configurable property Description
connectivity_user_connection The type of connection you want to use for the application.

  • 0 for LDAP
  • 1 for MS Active Directory
  • 2 for Tomcat
connectivity_url A valid URL to connect to LDAP /Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
connectivity_domain_name The domain component name for the LDAP/AD configuration.
connectivity_domain_org The domain component organization name for the LDAP/AD configuration.
connectivity_user_name A valid username to connect and access LDAP /Active Directory server (the username of the user responsible for interacting with the server).
connectivity_user_password A valid password to connect and access LDAP/ Active Directory server (the password of the user responsible for interacting with the server).
connectivity_group_search_attribute_filter A search string for searching groups.
connectivity_user_search_attribute_filter A search string for searching users.
connectivity_ldap_user_base The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
connectivity_ldap_group_base The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user.
connectivity_msad_context_path The directory path where the intended user resides. This parameter is optional and can be left empty.
connectivity_msad_group_search_filter This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*)))

This parameter is optional and can be left empty.

 

3. Start the Ephesoft Transact installer. In the Authentication Mode section, select PKI Authentication, browse for the file where you saved the settings, and click Next.


The installer will pick up the information from the file, and all the fields related to PIV/CAC configuration will be auto-populated. You just have to confirm the details at each step and click Next to proceed with the installation process.

 

To configure PKI Authentication for the silent installation of Ephesoft Transact on Windows:

1. Open the config.properties file shipped along with the installer.


2. Configure the below-mentioned parameters.

Note: Connectivity details must be provided only for LDAP or MS Active Directory. Tomcat does not require connection configuration.

  • Authentication Mode Configuration
Configurable property Description
pivcac_selected_mode The type of authentication mode you want to use.

  • 0 for Form Authentication
  • 1 for PKI Authentication

 

  • PIV/CAC Certificates Details
Configurable property Description
pivcac_server_cert_path Certificate that will be used to recognize your server.
pivcac_server_cert_password Password for Server Certificate.
pivcac_ca_cert_path Certificate that will be used to recognize the certification authority.
pivcac_ca_cert_password Password for CA Certificate.

 

  • PIV/CAC Realm Configuration
Configurable property Description
pivcac_realm_connection_url A valid URL to connect to LDAP /Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
pivcac_realm_connection_name A valid username to connect and access LDAP /Active Directory server (the username of the user responsible for interacting with the server).
pivcac_realm_connection_password A valid password to connect and access LDAP/ Active Directory server (the password of the user responsible for interacting with the server).
pivcac_realm_user_base The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
pivcac_realm_user_search A search string for searching users.
pivcac_realm_role_base The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
pivcac_realm_role_name Role name defines which attribute is used for a role.
pivcac_realm_role_search A search string for searching roles.
pivcac_realm_userSubtree This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
pivcac_realm_roleSubtree This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

 

  • Connector Settings for PIV/CAC Configuration
Configurable property Description
pivcac_Connector_port Number of the PKI Connector port.
pivcac_Connector_client_auth True if the client certificate is used for authentication, otherwise false. If a server is enabled with client certificate authentication, only users who attempt to connect from clients loaded with the right client certificates will succeed. Even if a legitimate user attempts to connect with the right username and password, but is not using a client application loaded with the right client certificate, that user will not be granted access.
pivcac_Connector_compression True if the compression algorithm is used to compress the data, otherwise false.
pivcac_Connector_ssl_enabled True if the SSL protocol is used to encrypt the connection between the client and the server. False if the connection is not encrypted.
pivcac_Connector_secure True if communication between the client and the server is secure, otherwise false.
pivcac_Connector_ssl_protocol Protocol that will be used to secure connection between the client and the server.
pivcac_Connector_trust_store_file_path Location of the truststore file (cacert.jks).
pivcac_Connector_trust_store_password Password for the truststore file (cacert.jks).
pivcac_Connector_key_store_file_path Location of the keystore file (servercert.jks).
pivcac_Connector_key_store_password Password for the keystore file (servercert.jks).
pivcac_Connector_ssl_enabled_protocol The supported versions of selected protocol.
pivcac_Connector_ciphers_text The algorithm of encryption that will be used between the client and the server.

 

  • Connectivity User Configuration
Configurable property Description
connectivity_user_connection The type of connection you want to use for the application.

  • 0 for LDAP
  • 1 for MS Active Directory
  • 2 for Tomcat
connectivity_url A valid URL to connect to LDAP /Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
connectivity_domain_name The domain component name for the LDAP/AD configuration.
connectivity_domain_org The domain component organization name for the LDAP/AD configuration.
connectivity_user_name A valid username to connect and access LDAP /Active Directory server (the username of the user responsible for interacting with the server).
connectivity_user_password A valid password to connect and access LDAP/ Active Directory server (the password of the user responsible for interacting with the server).
connectivity_group_search_attribute_filter A search string for searching groups.
connectivity_user_search_attribute_filter A search string for searching users.
connectivity_ldap_user_base The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
connectivity_ldap_group_base The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user.
connectivity_msad_context_path The directory path where the intended user resides. This parameter is optional and can be left empty.
connectivity_msad_group_search_filter This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*)))

This parameter is optional and can be left empty.

 

3. Save changes.
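
A pre-install check for the silent-install config.properties described above, as an added example (not part of Ephesoft's documentation or installer). Key names come from the tables on this page; the value formats (true/false, a comma-separated protocol list), the sample values, and the set of protocol versions treated as legacy are assumptions.

```python
import re

# Key names are the ones documented on this page for the Windows config.properties.
# Value formats and the legacy-version list below are assumptions of this example.
LEGACY_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.0", "tlsv1.1"}
MUST_BE_TRUE = (
    "pivcac_Connector_client_auth",
    "pivcac_Connector_ssl_enabled",
    "pivcac_Connector_secure",
)
# The page documents ldap://<server_address>:<port_number>; ldaps is accepted as an assumption.
LDAP_URL = re.compile(r"^ldaps?://[^\s/:]+:\d{1,5}$")


def parse_properties(text):
    """Minimal key=value parser; skips blank lines and #/! comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def lint(text, file_mode=None):
    """Return (key, message) findings for a PKI silent-install configuration."""
    p = parse_properties(text)
    findings = []

    if p.get("pivcac_selected_mode") != "1":
        findings.append(("pivcac_selected_mode", "not set to 1 (PKI Authentication)"))

    for key in MUST_BE_TRUE:
        if p.get(key, "").lower() != "true":
            findings.append((key, "expected true for certificate login over TLS"))

    proto_key = "pivcac_Connector_ssl_enabled_protocol"
    enabled = [v.strip() for v in p.get(proto_key, "").split(",") if v.strip()]
    if not enabled:
        findings.append((proto_key, "no protocol versions listed"))
    for version in enabled:
        if version.lower() in LEGACY_PROTOCOLS:
            findings.append((proto_key, "legacy protocol version enabled: " + version))

    # Realm URL is treated as required in PKI mode (assumption). Connectivity
    # details apply only to LDAP (0) and MS Active Directory (1), not Tomcat (2).
    url_keys = ["pivcac_realm_connection_url"]
    if p.get("connectivity_user_connection") in ("0", "1"):
        url_keys.append("connectivity_url")
    for key in url_keys:
        if not LDAP_URL.match(p.get(key, "")):
            findings.append((key, "does not match ldap://<server_address>:<port_number>"))

    # Every *_password key is stored in clear text, so the file itself is a secret.
    secrets = sorted(k for k, v in p.items() if k.endswith("_password") and v)
    if secrets and (file_mode is None or file_mode & 0o077):
        findings.append(("file", "%d plaintext passwords and the file is not "
                                 "confirmed owner-only" % len(secrets)))
    return findings


# Constructed sample input, not taken from a real installation.
SAMPLE_WEAK = """
pivcac_selected_mode=1
pivcac_server_cert_password=example-only
pivcac_realm_connection_url=ldap://dc01.example.test
pivcac_realm_connection_password=example-only
pivcac_Connector_client_auth=false
pivcac_Connector_ssl_enabled=true
pivcac_Connector_secure=true
pivcac_Connector_ssl_enabled_protocol=TLSv1,TLSv1.2
connectivity_user_connection=2
"""

# Constructed sample input with the weak settings corrected.
SAMPLE_HARDENED = """
pivcac_selected_mode=1
pivcac_server_cert_password=example-only
pivcac_realm_connection_url=ldap://dc01.example.test:389
pivcac_realm_connection_password=example-only
pivcac_Connector_client_auth=true
pivcac_Connector_ssl_enabled=true
pivcac_Connector_secure=true
pivcac_Connector_ssl_enabled_protocol=TLSv1.2
connectivity_user_connection=0
connectivity_url=ldap://dc01.example.test:389
"""

if __name__ == "__main__":
    for key, message in lint(SAMPLE_WEAK, file_mode=0o644):
        print(key + ": " + message)
```

On a real file, pass `os.stat(path).st_mode` as `file_mode` on Linux; on Windows leave it as `None` and review the file's ACL separately, since the silent-install file holds the certificate and directory bind passwords.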

 

To configure PKI Authentication during Ephesoft Transact installation on Linux:

1. Start the installation process by executing the installer. When asked whether to install the system using the silent installer, enter n.

2. Follow the installation process until you reach Authentication Configuration.


3. Enter 2 to select PKI Authentication Mode.

Note:

  • When Form Authentication is selected, the users will be required to provide a username and password to log in to the application. This Authentication Mode is used by default.
  • PKI Authentication (Public Key Infrastructure) option is provided if you want to use your PIV card and related certificates.

4. At this step, you can either import the PKI-config.properties file with PIV/CAC configurations or enter all required PIV/CAC authentication details in the console.

Let’s go ahead and select the second option by entering n.


5. Provide the path and password for your server certificate (certificate that will be used to recognize your server).


6. Provide the path and password for the CA certificate (the certificate that will be used to recognize the Certifying Authority). Then, confirm that the provided information is correct by entering n. If you want to update the details, press y and change the information as needed.


Note: If an error occurs, for example if the pem file cannot be generated (because an incorrect password was provided) or the certificates have already been imported, you will see the exact error message. You can then re-enter the details or continue with the installation. If you choose to continue, you will be prompted to import the certificate manually before starting the server.

Sample error message if the provided password is incorrect

Sample error message if the alias already exists or the certificate has already been imported

7. Fill in the Connector Settings for PKI section.


Configurable property: Description
Port: Number of the PKI Connector port.
SSL protocol: Protocol that will be used to secure connection between the client and the server.
SSL Enabled Protocol: The supported versions of selected protocol.
Chipper text: The algorithm of encryption that will be used between the client and the server.

 

To continue, select n. If you want to update the details, press y and change the information as needed.

8. Fill in the Realm Settings for PKI section.


  • Connection configuration
Configurable property: Description
User Connection Type: The type of connection you want to use for the application.

  • 1 for LDAP
  • 2 for MS Active Directory

 

  • Configurable properties common for both LDAP & MS Active Directory
Configurable property: Description
Connection URL: A valid URL to connect to LDAP/Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
Connection Name: A valid username to connect and access LDAP/Active Directory server (the username of the user responsible for interacting with the server).
Connection Password: A valid password to connect and access LDAP/Active Directory server (the password of the user responsible for interacting with the server).
User Base: The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
User Search: A search string for searching users.
User Subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
Role Base: The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
Role Name: Role name defines which attribute is used for a role.
Role Search: A search string for searching roles.
Role Subtree: This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

 

  • Properties specific to MS-Active Directory configuration
Configurable property: Description
MS AD Group Search Filter: This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))) This parameter is optional and can be left empty.

To continue, select n. If you want to update the details, press y and change the information as needed.

Now, the import of PIV/CAC certificates is complete and the following message is displayed:


9. Proceed with the installation process.

 

To configure PKI Authentication for Ephesoft Transact installation using the PKI-config.properties file:

1. Open the PKI-config.properties file located in the Response-Files folder which is shipped along with Ephesoft Transact 4.5.0.0 installer for Linux.


2. Configure the details required for PIV/CAC certificates import during installation.


  • PKI Authentication Configuration
Configurable property Description
input_pki_server_cert_path Location of the Server certificate
input_pki_ca_cert_path Location of the Certifying Authority certificate
input_pki_connector_port_number Number of the PKI connector port
input_pki_connector_ssl_protocol Protocol that will be used to secure connection between the client and the server
input_pki_connector_ssl_enabled_protocol The supported versions of selected protocol
input_pki_connector_chipper_text The algorithm of encryption that will be used between the client and the server

 

  • Connection configuration
Configurable property Description
input_connectivity_user_connection The type of connection you want to use for the application.

  • 1 for LDAP
  • 2 for MS Active Directory

 

  • Configurable properties common for both LDAP & MS Active Directory
Configurable property Description
input_realm_connection_url A valid URL to connect to LDAP /Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
input_realm_connection_name A valid username to connect and access LDAP /Active Directory server (the username of the user responsible for interacting with the server).
input_realm_user_base The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
input_realm_user_search A search string for searching users.
input_realm_user_sub_tree This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
input_realm_role_base The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
input_realm_role_name Role name defines which attribute is used for a role.
input_realm_role_search A search string for searching roles.
input_realm_role_sub_tree This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

 

  • Properties specific to MS-Active Directory configuration
Configurable property Description
input_msactivedirectory_group_search_filter This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*)))

This parameter is optional and can be left empty.

 

3. Run the Ephesoft Transact installer.

4. In the Authentication Configuration section, enter 2 to select PKI Authentication mode.


5. Enter y in response to the question “Do you want to import PKI configuration from properties file?” and provide the location of your configurations file.


The system will pick up the details and populate them on the screen automatically.

Note: The passwords for the certificates and realm connection are not provided in the PKI-config.properties file. You will have to enter and confirm them at the time of installation.

 

To configure PKI Authentication for the silent installation of Ephesoft Transact on Linux:

1. Open the config.properties file shipped along with the installer.

2. Configure the below-mentioned parameters.


  • Authentication Mode Configuration
Configurable property Description
input_authentication_mode The type of authentication mode you want to use.

  • 1 for Form Authentication
  • 2 for PKI Authentication

 

  • PKI Authentication Configuration
Configurable property Description
input_pki_server_cert_path Location of the Server certificate.
input_pki_server_cert_password Password for the Server certificate.
input_pki_ca_cert_path Location of the Certifying Authority certificate.
input_pki_ca_cert_password Password for the Certifying Authority certificate.
input_pki_alias_name A unique string to identify the keystore entry.
input_pki_connector_port_number Number of the PKI connector port.
input_pki_connector_ssl_protocol Protocol that will be used to secure connection between the client and the server.
input_pki_connector_ssl_enabled_protocol The supported versions of selected protocol.
input_pki_connector_chipper_text The algorithm of encryption that will be used between the client and the server.

 

  • Connection configuration
Configurable property Description
input_connectivity_user_connection The type of connection you want to use for the application.

  • 1 for LDAP
  • 2 for MS Active Directory
  • 3 for Tomcat

 

  • Configurable properties common for both LDAP & MS Active Directory
Configurable property Description
input_realm_connection_url A valid URL to connect to LDAP /Active Directory server. The connection URL should be in the following format: ldap://<server_address>:<port_number>.
input_realm_connection_name A valid username to connect and access LDAP /Active Directory server (the username of the user responsible for interacting with the server).
input_realm_user_base The relative path under which all the users’ information will be located. This attribute defines where to look for a user.
input_realm_user_search A search string for searching users.
input_realm_user_sub_tree This attribute defines the search scope. Set to true to search the entire subtree rooted at the User base entry. Set to false to request a single-level search including only the top level.
input_realm_role_base The relative path under which all the roles information will be located. This attribute defines where to look for a role corresponding to a user.
input_realm_role_name Role name defines which attribute is used for a role.
input_realm_role_search A search string for searching roles.
input_realm_role_sub_tree This attribute defines the search scope. Set to true to search the entire subtree rooted at the Role base entry. Set to false to request a single-level search including only the top level.

 

  • Properties specific to MS-Active Directory configuration
Configurable property Description
input_msactivedirectory_group_search_filter This attribute helps to filter search results and can have the following operators: |(OR), &(AND) and !(NOT). For example, ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*)))

This parameter is optional and can be left empty.

 

3. Save changes.