Configure Authentication
Director Console Authentication
You need your Director Console credentials to log in.
Log Into Director Console
Enter the IP address of the API Server in a web browser.
Enter your Username and Password.

Click Log In.
After two consecutive failed login attempts, captcha authentication is required for the next login.

LDAP Authentication
LDAP (Lightweight Directory Access Protocol) is a service protocol used to communicate with internet directories over an Internet Protocol (IP) network. If your organization uses LDAP for managing users, you can configure Director Console to pull user authentication and role-based access control rules from your LDAP directory. This allows the Director Console to manage user access and roles according to the rules defined in your organization’s LDAP system. When a user’s role is changed on the LDAP directory server, the new role is applied at their next login to the Director Console.
Configure LDAP
Before configuring LDAP, execute the following command as cmdr-admin to unlock the port for LDAP:
addldapsrv <IP_address> <port>
IP_address is the IP address of the LDAP server and port is the LDAP server port.
You can run the addldapsrv command as cmdr-admin to load all the previous firewall rules after upgrading Director Console to a new version. Once you execute the command, you need to update your password.
The com-appinstaller command updates the physical and tunnel IP address of the Fabric Server in the API Server. If you have run this command, you must re-run the addldapsrv command so that LDAP users can log into the Director Console and save configurations.
To configure LDAP Authentication:
Log in as the root user.
Go to Authentication >> LDAP.
In Base Settings, enter the LDAP URL. It consists of the LDAP address and the port number of the LDAP server. If you are using secure ports in the LDAP URL, you must use the following format:
ldaps://<IP_address>:<port>
Example: ldaps://10.45.3.109:636
Enter a Bind DN. It is a unique name for the LDAP server.
Enter your LDAP Password.
Enter a Base DN in the form of Organizational Unit (OU) and Domain Component (DC) entries.
In Authenticate Using, select one of the following:
dn to use the standard DN format for login
uid to use the uid for login (uid for Linux systems)
SAM Account Name to use the SAM Account Name for login (SAM Account Name for Windows)
User Principal Name to use the User Principal Name for internet-style login
Enter a Group Member Attribute which is the attribute of the group member provided in the LDAP server.
Enter a User Search Filter to apply a user filter to the results from the LDAP groups.
Select Enable CN Filter to filter users by their Common Name (CN). When using Active Directory (AD) for authentication with Director Console, enabling the CN Filter is required. It is recommended not to nest an LDAP account within an Active Directory group.
Enter the LDAP groups that have the Root Access, the Admin Access, and the User Access permissions in Role Settings.
For example, if the Group Member Attribute entered is gidNumber, you must add the gidNumber of the group member in the:
Root Access for root permission
Admin Access for admin permission
User Access for normal user permission
Click Update.
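As an added example (not Director Console's own code), the following Python models the LDAP settings described above: it checks the ldaps URL form, builds the user search filter from the Authenticate Using choice with LDAP filter escaping so that a typed login name cannot alter the filter, and resolves a Director Console role from the Group Member Attribute (gidNumber) against the Root, Admin and User groups. The attribute names sAMAccountName and userPrincipalName, the precedence root > admin > user, and the directory entries are assumptions.

```python
from urllib.parse import urlsplit

# Assumed mapping of the "Authenticate Using" options to the attribute each matches.
# "dn" binds directly with the DN, so no search attribute is needed.
AUTH_ATTRS = {"dn": None, "uid": "uid", "SAM Account Name": "sAMAccountName",
              "User Principal Name": "userPrincipalName"}

def check_ldap_url(url):
    """Accept only ldaps://<IP_address>:<port>, the secure form the page requires."""
    p = urlsplit(url)
    if p.scheme != "ldaps" or not p.hostname or p.port is None:
        raise ValueError("LDAP URL must be of the form ldaps://<IP_address>:<port>")
    return p.hostname, p.port

def escape_filter(value):
    """RFC 4515 escaping: special characters in a login name become hex escapes."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(c, c) for c in value)

def user_search_filter(auth_using, login, extra_filter=""):
    """Build the search filter; extra_filter is the page's User Search Filter."""
    attr = AUTH_ATTRS[auth_using]
    if attr is None:
        return None
    base = f"({attr}={escape_filter(login)})"
    return f"(&{base}{extra_filter})" if extra_filter else base

def resolve_role(entry, member_attr, root, admin, user):
    """Highest matching role wins; no match in any list means no access (None)."""
    values = set(entry.get(member_attr, []))
    for role, groups in (("root", root), ("admin", admin), ("user", user)):
        if values & set(groups):
            return role
    return None

# Constructed directory entries standing in for LDAP search results (assumption).
ENTRIES = {
    "alice": {"uid": ["alice"], "gidNumber": ["5000"]},
    "bob":   {"uid": ["bob"],   "gidNumber": ["5002", "5003"]},
    "eve":   {"uid": ["eve"],   "gidNumber": ["6000"]},
}
# Constructed Role Settings: gidNumber values entered in Root/Admin/User Access.
ROLE_SETTINGS = {"root": ["5000"], "admin": ["5001"], "user": ["5002"]}

def role_for(login):
    """Role Director Console would grant the login under ROLE_SETTINGS."""
    entry = ENTRIES.get(login)
    return None if entry is None else resolve_role(entry, "gidNumber", **ROLE_SETTINGS)
```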
Log In Using LDAP Credential
Enter the IP address of the API Server into a web browser.
Select LDAP from the drop-down.
Enter your Username and Password.

Click Log In.
Captcha authentication is required on the next login after two consecutive failed login attempts.

ADFS Authentication
You can also use ADFS authentication in Director Console. ADFS (Active Directory Federation Services) allows single sign-on (SSO) authentication for Director Console based on your local Active Directory login.
You must have a unique email address attributed to your ADFS account to use the ADFS service. The SAM Account Name must also be unique for each user.
When you change the role of any user in LDAP or ADFS authentication on the respective directory server, the new role only takes effect from the next login.
Configure ADFS in Director Console
Log in as the root user.
Go to Authentication >> ADFS.

In the ADFS Configuration section, enter the Application Host URL, the Active Directory Federation Services URL, and the Trust Identifier.
We recommend that you use the name of the server used to generate the token-signing certificate as the Trust Identifier. It is a unique identifier for the Relying Party Trust added to the ADFS server.
Upload the Certificate pair and the ADFS token-signing certificate.
You can obtain the ADFS token-signing certificate from the AD FS Server. The ADFS token-signing certificate must have a .cer extension.
Refer to the Generating AD FS Certificate section for details.
Click Update to save the settings.

Click View Metadata to view the metadata used to configure Relying Party Trusts.
After configuring ADFS in Director Console, configure Director Console in the AD FS server.
Generate AD FS Certificate
Open Server Manager in your Windows machine.

Click Tools and select AD FS Management. It opens up the AD FS management console.

Expand Service and select Certificates.
Select the Token-Signing certificate from the list of certificates.

Go to the Details section of the Certificates tab.

Click Copy to File. It opens up the Certificate Export Wizard.

Click Next.
Select the Base-64 encoded X.509 (.CER) format.

Click Next.
Enter a File name and click Next.
Click Browse to select a location to save the file.

Click Finish to complete the export.

Add Director Console in AD FS Server
Open the AD FS Management console.
In AD FS >> Relying Party Trusts, right-click and select Add Relying Party Trust.

Click Start on the welcome page of the Add Relying Party Trust Wizard.

On the Select Data Source page, select the Import data about the relying party from a file option.

Import the previously created XML file and click Next.
Enter the Display Name for the application on the Specify Display Name page.

Click Next.
Select an access control policy under Choose an access control policy.

Click Next. This action takes you to the Ready to Add Trust page.
Click Next on the Ready to Add Trust page.
Select the Configure claims issuance policy for this application option on the Finish page.

Click Close.
Add Claim Rules for Director Console in AD FS Server
After you have successfully added a Relying Party Trust, click the Edit Claim Issuance Policy option. It opens up the Edit Claim Issuance Policy for Application tab.

Click Add Rule. It opens up the Add Transform Claim Rule Wizard.

Click Next.

In the Configure Rule page:
4.1. Enter a Claim rule name.
4.2. Select Active Directory as the Attribute store.
4.3. In the Mapping of LDAP attributes to outgoing claim types table, map the following:
4.3.1. Select User-Principal-Name as an LDAP Attribute and UPN as an Outgoing Claim Type.
4.3.2. Select User-Principal-Name as an LDAP Attribute and UID as an Outgoing Claim Type.
4.3.3. Select Is-Member-Of-DL as an LDAP Attribute and Group as an Outgoing Claim Type.

Click Finish. This action redirects you to the Edit Claim Issuance Policy for Application tab.
Click Add Rule. It opens up the Add Transform Claim Rule Wizard.
Click Next with the default Claim rule template.
In the Configure Rule page:
8.1. Enter a Claim rule name.
8.2. Select Active Directory as the Attribute Store.
8.3. In the Mapping of LDAP attributes to outgoing claim types table, select E-Mail-Addresses as an LDAP Attribute and E-Mail Address as an Outgoing Claim Type.

Click Finish. This action redirects you to the Edit Claim Issuance Policy for Application tab once again.
Click Add Rule. It opens up the Add Transform Claim Rule Wizard. Select Transform an Incoming Claim as the Claim rule template.

Click Next.
In the Configure Rule page:
12.1. Enter a Claim rule name.
12.2. Select E-Mail Address as the Incoming claim type.
12.3. Select Name ID as the Outgoing claim type.
12.4. Select Email as the Outgoing name ID format.
12.5. Select Pass through all claim values.

Click Apply.
