Configuring Server Properties - Security
Xi Logon Exit General Properties
Xi Logon Exit User Source Parameters
See also: Server Administration Application Home Page
Properties are divided into sections; click a section header to open it and display its properties. Click the Save button at the bottom of the page to save the properties. They are saved to the file security.properties in the ebaseConf folder of the web application, e.g. UfsServer/tomcat/webapps/ufs/ebaseConf/security.properties.
The icon shown to the left of a property indicates that the server must be restarted before a property change is activated. Changes to all other properties are effective immediately.
Click More Info.. at the right-hand side of each property to display help for that property.
| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| | Logonexit.enabled | No | Check this property to enable automatic authentication of new users. This authentication occurs as each new user session is created or when an HTTP request is made from an unauthenticated user. When this option is checked, unauthenticated users are not allowed access to the system. When checked, authentication is performed by the servlet specified by property Ufs.logonExitServlet. This in turn refers to a servlet configured in web.xml which by default will invoke the supplied Xi Logon Exit program. Click here for further details and step by step configuration instructions. Caution! Enabling this property carries the risk that you might not be able to sign on to the Server Administration Application again to turn it off. If this happens, the change can be backed out by editing the property in file <webapp>/ebaseConf/security.properties: Logonexit.enabled=false |
These properties apply in the following circumstances:
Click here for further details of configuring authentication using the supplied XI Logon Exit.
| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| | Logonexit.InputFromUser | No | When checked, the page configured with property Logonexit.LogonPage is displayed and allows the user to manually enter a userid/password or any other authentication data. When unchecked, the logon System Service configured with the next property Logon Service URL is invoked. See comments and links at the top of this section. |
| Default Logon Service Web Service Name | Logonexit.WebService | No | The web service name of the default Logon System Service. If not specified the default is ebaseLogonService. This service will be invoked on the local server using a special internal URL. See comments and links at the top of this section. |
| | Logonexit.InvalidLogonPage | No | The URL of the HTML or JSP page presented to the user when logon fails. The default is samples/logon/logonInvalid.jsp. See comments and links at the top of this section. |
| | Logonexit.LogonPageCode | No | This is the error code which is returned by the logon System Service to indicate that the user must sign on manually and the logon page defined by the previous property Logon Page Code should be displayed. The default for this parameter is JSP. |
| | Logonexit.TimeoutPage | No | This page is displayed in the event of a timeout. The default is ufs_timeout_page.htm. See comments and links at the top of this section. |
| | Logonexit.LogonPage | No | This page is used for manual signon by the end user. It is displayed when property Show Userid/Password Panel above is checked or the invoked logon System Service returns the error code specified in property Logon Page Code above. See comments and links at the top of this section. |
| | Logonexit.MaxLogonAttempts | No | The maximum number of logon attempts before the logon is considered invalid. This is used for manual sign on by the end user. The default if not specified is 3. See comments and links at the top of this section. |
| | Logonexit.UserParm1 | No | The default name of the first URL request parameter in the page configured in property Logon Page above. The default if not specified is e_username. See comments and links at the top of this section. |
| | Logonexit.UserParm2 | No | The default name of the first URL request parameter in the page configured in property Logon Page above. The default if not specified is e_password. See comments and links at the top of this section. |
| | Logonexit.UserParm3 | No | The default name of the first URL request parameter in the page configured in property Logon Page above. The default if not specified is jsp_param3. See comments and links at the top of this section. |
These properties apply in the following circumstances:
These six properties describe where the system should source user related information that is to be used to control the logon operation. The system extracts this information automatically and then invokes the logon System Service specified in property Logon Service URL passing these parameters. Between one and three parameters can be configured where each one consists of a:
Parameter Sources:
Click here for further details of configuring authentication using the supplied XI Logon Exit.
| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| Parameter Name 1 | Logonexit.ParameterName1 | No | Name for Parameter 1 |
| Parameter Source 1 | Logonexit.ParameterSource1 | No | Parameter Source 1 |
| Parameter Name 2 | Logonexit.ParameterName2 | No | Name for Parameter 2 |
| Parameter Source 2 | Logonexit.ParameterSource2 | No | Parameter Source 2 |
| Parameter Name 3 | Logonexit.ParameterName3 | No | Name for Parameter 3 |
| Parameter Source 3 | Logonexit.ParameterSource3 | No | Parameter Source 3 |
Configuration properties for an LDAP Server e.g. Active Directory. These properties are used by:
| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| | Ldap.RegistryHost | No | Hostname or IP address of the LDAP registry system. |
| | Ldap.RegistryPort | No | Port used by the LDAP registry system. The default is 389. |
| | Ldap.RegistrUrl | No | The URL used to access the LDAP registry system. If specified, this overrides properties Registry Host and |
| | Ldap.UserKeyAttributeName | No | The user attribute Ebase Xi uses to search the registry for user data. This attribute should uniquely identify the user. Use sAMAccountName with Active Directory. The default is cn. |
| | Ldap.BindDistinguishedName | No | The full DN used by Ebase Xi to connect to the repository. This parameter supplies the “userid” for connections to the LDAP Registry. If not specified, Ebase Xi will bind as 'Anonymous'. Note that anonymous binding is only supported by LDAP V3 systems. |
| | Ldap.BindPassword | No | The password to be used with the previous property to connect to the repository. |
| | Ldap.BaseDistinguishedName | No | The DN suffix to be applied to all LDAP attribute searches. This will be one or more key=value pairs separated by commas which should be specified in reverse order of the LDAP hierarchy tree, i.e. tree root appears last. This parameter should specify the lowest point in the directory tree which is common for all userid searches, e.g. if your registry contains a number of paths containing userid definitions, this parameter should specify a point in the directory that is common for all paths. Ebase Xi searches use subtree scope for directory searches, so the root directory could be specified if necessary. |
| | Ldap.UserRoleAttributeName | No | This property applies only when one of the deprecated LDAP login modules is used. It specifies the attribute within the LDAP system that contains a comma delimited list of Ebase security roles to be associated with the user. |
| | Ldap.CacheRefreshPeriod | No | This property applies only when LDAP User Attributes are used. It specifies the number of minutes cached attribute data is kept in the cache before it is treated as stale and refreshed from the LDAP registry system. The default is 0 (no refresh takes place). |
Sample LDAP properties needed to connect to Active Directory using LDAPServices:
Ldap.RegistryHost=ebt9999
Ldap.BaseDistinguishedName=ou=development,o=ebase
Ldap.UserKeyAttributeName=sAMAccountName
Ldap.BindDistinguishedName=Admin@ebase
Ldap.BindPassword=xxxxx
These properties all have default values that should rarely, if ever, be changed.
| Label | Property Name | Requires Restart | Description |
|---|---|---|---|
| | Ufs.logonExitServlet | Yes | Specifies the relative URL of the logon exit program. This defaults to LogonExitServlet and should not normally be changed. |
| | Ufs.loginModuleEntryName | Yes | This property applies only when the deprecated EbaseLogonExit program is used, and specifies the name of the login module entry. |
| | Ufs.userManager | Yes | Specifies the class to be used for the authentication manager component. This provides the opportunity to replace the authentication manager component of the Ebase Security system. |
| | Ufs.authorisationManager | Yes | Specifies the class to be used for the authorization manager component. This provides the opportunity to replace the authorization manager component of the Ebase Security system. |
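The settings documented on this page can be reviewed mechanically. The following Python audit of a security.properties file is an added example, not part of the Ebase documentation or product; it flags a disabled logon exit, an anonymous LDAP bind, a bind credential held in the file, the default port 389, a cache that is never refreshed, and replaced manager classes. The function names, the finding texts and the treatment of an unset Logonexit.enabled as off are assumptions, and the sample input is constructed from the page's LDAP example.

```python
# Defaults as stated on this page.
DEFAULTS = {"Ldap.RegistryPort": "389", "Ldap.CacheRefreshPeriod": "0"}

def parse_properties(text):
    """Parse plain key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs for settings that deserve a review."""
    def get(key):
        return props.get(key, DEFAULTS.get(key, ""))
    out = []
    if get("Logonexit.enabled").lower() != "true":  # assumption: unset means off
        out.append(("Logonexit.enabled", "not true: logon exit does not authenticate new sessions"))
    if any(k.startswith("Ldap.") for k in props):
        if not get("Ldap.BindDistinguishedName"):
            out.append(("Ldap.BindDistinguishedName", "unset: directory is searched with an anonymous bind"))
        if get("Ldap.BindPassword"):
            out.append(("Ldap.BindPassword", "bind credential in this file: restrict read access to it"))
        # Ldap.RegistrUrl is spelled as on the page; it overrides host and port.
        if not get("Ldap.RegistrUrl") and get("Ldap.RegistryPort") == "389":
            out.append(("Ldap.RegistryPort", "389 is the plain LDAP port: confirm the connection is protected in transit"))
        if get("Ldap.CacheRefreshPeriod") == "0":
            out.append(("Ldap.CacheRefreshPeriod", "0: cached LDAP attributes are never refreshed"))
    for key in ("Ufs.userManager", "Ufs.authorisationManager"):
        if key in props:
            out.append((key, "security manager class replaced by " + props[key]))
    return out

# Constructed sample: the page's LDAP example plus Logonexit.enabled=false.
SAMPLE = """Logonexit.enabled=false
Ldap.RegistryHost=ebt9999
Ldap.BaseDistinguishedName=ou=development,o=ebase
Ldap.UserKeyAttributeName=sAMAccountName
Ldap.BindDistinguishedName=Admin@ebase
Ldap.BindPassword=xxxxx
"""

if __name__ == "__main__":
    for prop, finding in audit(parse_properties(SAMPLE)):
        print(f"{prop}: {finding}")
```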