Difference between revisions of "CTP Authentication Using LDAP"

(Created page with "This article describes how to configure CTP to use an LDAP server to authenticate users. The intended audience for this article is CTP administrators. The authentication mechani...")
 
Line 1: Line 1:
 
This article describes how to configure CTP to use an LDAP server to authenticate users. The intended audience for this article is CTP administrators.
 
This article describes how to configure CTP to use an LDAP server to authenticate users. The intended audience for this article is CTP administrators.
  
The authentication mechanism used by CTP is specified in the <b><tt>Server</tt></b> element in the CTP configuration file (<b><tt>config.xml</tt></b>).
+
The authentication mechanism used by CTP is specified in the <b><tt>Server</tt></b> element in the CTP configuration file (<b><tt>config.xml</tt></b>). This element is described in the [[CTP-The_RSNA_Clinical_Trial_Processor#Server|top-level CTP article]]. To configure CTP to use LDAP authentication, several additional attributes are added to the element.
 +
 
 +
<pre>
 +
        <Server
 +
            port="80"
 +
            ssl="no"
 +
            requireAuthentication="no"
 +
            proxyIPAddress=""
 +
            proxyPort=""
 +
            proxyUsername=""
 +
            proxyPassword=""
 +
            usersClassName="org.rsna.server.UsersLdapFileImpl"
 +
            initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
 +
            providerURL="org.rsna.server.UsersXmlFileImpl"
 +
            securityAuthentication="simple"
 +
            securityPrincipal="cn=${username}, ou=people, dc=med, dc=university, dc=edu" />
 +
</pre>
 +
where:
 +
*<b>port, ssl, requireAuthentication, proxyIPAddress, proxyPort, proxyUsername, proxyPassword</b> are described in the [[CTP-The_RSNA_Clinical_Trial_Processor#Server|article]] referenced above.
 +
*<b>usersClassName</b> specifies the Java class to be used for authentication of users. To use the LDAP authentication mechanism described in this article, the value shown above <b>must</b> appear in the attribute.
 +
*<b>initialContextFactory</b> specifies the Java class used to link to the LDAP server. The value shown above is the default. Unless there is a specific reason to specify a different class, it is best to omit this attribute.
 +
*<b>providerURL</b> specifies the URL of the LDAP server. It typically begins with <b><tt>ldap://</tt></b> or <b><tt>ldaps://</tt></b>. This URL will be obtained from the LDAP system administrator.
 +
*<b>securityAuthentication</b> specifies the way the credentials are passed to the server. The default is shown above. Unless there is a reason to use a different valule, it is best to omit this attribute.
 +
*<b>securityPrincipal</b> specifies a string that is processed before being passed to the server when the context is created. For more on this attribute, see below.
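
Review bot: In the added Server example, providerURL is set to "org.rsna.server.UsersXmlFileImpl", which is a Java class name and not an LDAP URL. The providerURL bullet added in the same revision says the value typically begins with ldap:// or ldaps://, so the example should show a URL of that form (a clearly marked placeholder is enough). Because securityAuthentication="simple" passes the password to the server as-is, showing an ldaps:// URL in the example would be the safer default. Two smaller points: "valule" in the securityAuthentication bullet should read "value", and the securityPrincipal bullet says "see below" but nothing follows it in this revision.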

Revision as of 19:06, 10 October 2011

This article describes how to configure CTP to use an LDAP server to authenticate users. The intended audience for this article is CTP administrators.

The authentication mechanism used by CTP is specified in the Server element in the CTP configuration file (config.xml). This element is described in the top-level CTP article. To configure CTP to use LDAP authentication, several additional attributes are added to the element.

        <!-- providerURL below is a placeholder; use the URL supplied by the LDAP system administrator -->
        <Server
            port="80"
            ssl="no"
            requireAuthentication="no"
            proxyIPAddress=""
            proxyPort=""
            proxyUsername=""
            proxyPassword=""
            usersClassName="org.rsna.server.UsersLdapFileImpl"
            initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
            providerURL="ldaps://ldap.example.edu:636"
            securityAuthentication="simple"
            securityPrincipal="cn=${username}, ou=people, dc=med, dc=university, dc=edu" />

where:

  • port, ssl, requireAuthentication, proxyIPAddress, proxyPort, proxyUsername, proxyPassword are described in the article referenced above.
  • usersClassName specifies the Java class to be used for authentication of users. To use the LDAP authentication mechanism described in this article, the value shown above must appear in the attribute.
  • initialContextFactory specifies the Java class used to link to the LDAP server. The value shown above is the default. Unless there is a specific reason to specify a different class, it is best to omit this attribute.
  • providerURL specifies the URL of the LDAP server. It typically begins with ldap:// or ldaps://. This URL will be obtained from the LDAP system administrator.
  • securityAuthentication specifies the way the credentials are passed to the server. The default is shown above. Unless there is a reason to use a different value, it is best to omit this attribute.
  • securityPrincipal specifies a string that is processed before being passed to the server when the context is created. For more on this attribute, see below.
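
The following is an added example, not CTP's own code, showing how the attributes above map onto a JNDI simple bind and two checks an administrator should expect around it. It assumes that `${username}` is replaced literally in the securityPrincipal template; the class name `LdapBindCheck`, its methods, and the provider URL are hypothetical placeholders.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindCheck {
    // Values mirror the Server attributes on this page; the URL is a placeholder.
    static final String FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    static final String PROVIDER_URL = "ldaps://ldap.example.edu:636";
    static final String PRINCIPAL =
        "cn=${username}, ou=people, dc=med, dc=university, dc=edu";

    // Assumed processing: literal replacement of ${username}. The value is
    // escaped per RFC 4514 so that ',' '+' '=' and similar characters in a
    // login name cannot change the structure of the distinguished name.
    static String buildPrincipal(String template, String username) {
        return template.replace("${username}", Rdn.escapeValue(username));
    }

    static boolean authenticate(String username, String password) {
        // A simple bind with an empty password is an unauthenticated bind,
        // which some servers accept; reject it before contacting the server.
        if (username == null || username.isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, buildPrincipal(PRINCIPAL, username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind succeeded
            return true;
        } catch (NamingException e) {
            return false; // rejected credentials or unreachable server
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a login name containing DN metacharacters,
        // and an empty password that must never reach the server.
        System.out.println(buildPrincipal(PRINCIPAL, "smith, ou=admins"));
        System.out.println(authenticate("jdoe", ""));
    }
}
```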