Replace login for config UI
By default, the web UI authenticates against an internal user. The PhenixID server can be reconfigured to authenticate against an external data source instead. This article describes how to use Active Directory as the primary source, with username and password.
Before performing the steps below, back up the server configuration; it is the only way back to the internal login if the new one does not work.
PhenixID also supports multi-factor authentication. Contact PhenixID support if you have any questions about it.
Connect to the AD
Add a connection under the "CONNECTIONS" bucket (if you plan to use an existing connection, skip this step).
In the modal window click "Advanced"
Modify the snippet below to match your environment and paste it into the dialog. Replace the values within "<>", including the brackets themselves.
{
  "id": "<unique_id>",
  "type": "ldap",
  "name": "<logic_name>",
  "description": "<description>",
  "config": {
    "host": "<host_or_ip>",
    "port": "<port>",
    "bind_dn": "<DN>",
    "password": "<password>",
    "use_ssl": "<true/false>",
    "ssl_trust_all": "<true/false>",
    "follow_referrals": "false",
    "auto_reconnect": "true",
    "use_keep_alive": "true",
    "response_timeout_ms": "30000",
    "pool_initial_size": "1",
    "pool_max_size": "2"
  }
}
Stage and save the changes, then check the server logs for a successful connection between the server and the LDAP host. Set "use_ssl" to "true" (LDAPS, normally port 636) so that neither the bind password nor the users' passwords cross the network in cleartext, and keep "ssl_trust_all" at "false": "true" disables verification of the AD server's certificate and should only be used temporarily while troubleshooting trust. The bind_dn account only needs read access to the users and the group used below.
Prepare the user validation
Add a new PIPE...
In the modal window click "Advanced"
Modify the snippet below to match your environment and paste it into the dialog. Replace the values within "<>", including the brackets themselves. Note that Active Directory stores the logon name in sAMAccountName (or userPrincipalName) and does not normally populate uid, so adjust the last term of "filter_template" to the attribute your users log in with. Every account the search returns and that then binds successfully is given the sysadmin role by PropertyAddValve, so the memberOf term is the only thing restricting who can administer the server: point it at a dedicated, tightly controlled group, and verify that a member of the group can log in while an account outside it cannot.
{
  "id": "<unique_id>",
  "description": "<description>",
  "valves": [
    {
      "name": "SessionLoadValve",
      "config": {
        "id": "{{request.session_id}}"
      }
    },
    {
      "name": "LDAPSearchValve",
      "config": {
        "connection_ref": "<id_of_ldap_connection>",
        "base_dn": "<base_DN>",
        "scope": "SUB",
        "size_limit": "0",
        "filter_template": "(&(objectclass=person)(memberOf=<DN_of_group>)(uid={{request.username}}))",
        "attributes": "displayname"
      }
    },
    {
      "name": "LDAPBindValve",
      "config": {
        "connection_ref": "<id_of_ldap_connection>",
        "password_param_name": "password"
      }
    },
    {
      "name": "PropertyAddValve",
      "config": {
        "name": "roles",
        "value": "sysadmin"
      }
    },
    {
      "name": "SessionPropertyReplaceValve",
      "config": {
        "name": "display_name",
        "value": "{{item.displayname}}"
      }
    },
    {
      "name": "SessionPersistValve",
      "config": {}
    }
  ]
}
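The username typed into the login form is substituted into "filter_template" before the search runs. Whether LDAPSearchValve escapes that value is not stated on this page, so it is worth testing. The following is an added example, not PhenixID code and not part of the original article: it renders the same filter with RFC 4515 escaping of every substituted value, and also shows what plain string substitution would produce for a crafted username. The template uses sAMAccountName in place of uid, the placeholder names and the group DN are assumptions, and the sample inputs are constructed. Feed the two rendered strings to your own AD (for example with ldapsearch) to see which one the valve actually sends.

```python
"""
Added example (not PhenixID's code): render the pipe's LDAP filter with
RFC 4515 escaping of form-supplied values, next to the naive substitution,
so the effect of a crafted username can be seen and tested.
"""
import re

# Filter from the pipe above with sAMAccountName (AD's logon-name attribute)
# instead of uid. {{...}} mirrors the pipe's placeholder syntax (assumption).
FILTER_TEMPLATE = (
    "(&(objectclass=person)"
    "(memberOf={{group_dn}})"
    "(sAMAccountName={{request.username}}))"
)

# Constructed sample group DN; the parentheses in the CN are deliberate,
# AD group names may contain them and they must be escaped in a filter.
GROUP_DN = "CN=Config Admins (PhenixID),OU=Groups,DC=example,DC=com"

PLACEHOLDER = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")


def ldap_filter_escape(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside an assertion value:
    '*', '(', ')', '\\' and NUL become \\xx hex escapes."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def render_filter(template: str, values: dict, escape: bool = True) -> str:
    """Substitute every {{name}} placeholder in template from values.

    escape=True is the safe form. escape=False reproduces what naive string
    substitution yields and exists only to show the difference; never use
    it to build a real query."""
    def substitute(match):
        key = match.group(1)
        if key not in values:
            raise KeyError(f"no value for placeholder {key}")
        return ldap_filter_escape(values[key]) if escape else values[key]

    return PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    # A crafted username: closes the sAMAccountName term and appends its own.
    crafted = "*)(objectclass=*"
    for name in ("jdoe", crafted):
        values = {"group_dn": GROUP_DN, "request.username": name}
        print("escaped :", render_filter(FILTER_TEMPLATE, values))
        print("naive   :", render_filter(FILTER_TEMPLATE, values, escape=False))
```

With the naive rendering the crafted value turns into a second live "(objectclass=*)" term and a wildcard on the logon name, so the search no longer selects a single account; with escaping it is just a literal string that matches nobody. The bind that follows still needs the victim's password, but the search result is what later valves trust, so the filter should never be widened by user input.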
Prepare the authenticator
Add a new authenticator.
In the modal window click "Advanced"
Modify the snippet below to match your environment and paste it into the dialog. Replace the values within "<>", including the brackets themselves.
{
  "id": "<unique_id>",
  "alias": "login",
  "name": "PostUidAndPassword",
  "configuration": {
    "pipeID": "<id_of_created_pipe>",
    "successURL": "/config/",
    "translationKey": "login.messages.information.body.enduser",
    "headingtranslationKey": "login.messages.information.header.enduser"
  }
}
Stage and save the changes.
Update boot.json
Locate "auth_redirect_url" and change its value to "/config/authenticate/login". Save the file and restart the server. Before making this change, open /config/authenticate/login in a browser and confirm that an AD account in the group can log in and one outside it cannot; after the restart the internal user is no longer offered, and the backup taken at the start is what restores it if the AD login fails.