Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2.0

...

Extracting the Distribution Package

Code Block
languagetext
themeRDark
titleListing 1. Extract the zip file
cd /d "C:\Program Files\Ubisecure"unzip httpheaderap-X.X.XXXX.zip

As a result, the following directory structure is created:

Code Block
languagetext
themeRDark
titleListing 2. Directory structure
httpheaderap
├───ldap
├───logs
└───webapp
	└───WEB-INF
		├───classes
		├───lib
		└───uap
			└───metadata

...

Create a SAML identity provider configuration by running the following script containing base URL. Please note that the java command must be found in PATH to run this script.

Code Block
languagetextthemeRDark
titleListing 3. Create SAML configuration
cd /d "C:\Program Files\Ubisecure\httpheaderap"
java -jar webapp\WEB-INF\lib\ubisaml2.jar Generate https://example.com/httpheaderap -o webapp\WEB-INF\uap -y -disable SingleLogoutService

...

By default, the log files are generated to the following directory.

Code Block
languagetextthemeRDark
titleListing 4. Default location of log files in Windows installation
c:\Program Files\Ubisecure\httpheaderap\logs


In Unix installations, the log directory must be configured manually by modifying the log configuration file in the following location.

Code Block
languagetext
themeRDark
titleListing 5. Location of the log configuration
httpheader/webapp/WEB-INF/uap/log4j.properties


In Unix installations, the recommended location of the log files is the following directory.

Code Block
languagetext
themeRDark
titleListing 6. Recommended location of log files in Unix installation
/usr/local/httpheaderap/logs

...

The http header set by 3rd party Identity Provider are set to context parameters in web.xml.

Code Block
languagetextthemeRDark
titleListing 7. Location of the web.xml
httpheader/webapp/WEB-INF/web.xml

...

Additional attributes that will be sent with authentication if present are set to context parameter com.ubisecure.saml2.uap.httpheaderap.attributes in a comma separated list. The name of the attribute sent to UAS is the same as the name of the header. This list is a white list, meaning that no other attributes are sent than those present in this list and if header is not present, it is not sent.

Code Block
theme
languagetextRDark
titleListing 8. Example configuration using header sm_user for subject name and a list of other headers that are sent as attributes.
    <context-param>
        <param-name>com.ubisecure.saml2.uap.httpheaderap.subject</param-name>
        <param-value>sm_user</param-value>
    </context-param>
 
    <context-param>
        <param-name>com.ubisecure.saml2.uap.httpheaderap.attributes</param-name>
        <param-value>sm_realm,sm_universalid,sm_authtype,sm_userdn</param-value>
    </context-param>

...

Export the SAML identity provider metadata by running the following script.

Code Block
languagetext
themeRDark
titleListing 9. Creating SAML metadata file
cd /d "C:\Program Files\Ubisecure\httpheaderap"
java -jar webapp\WEB-INF\lib\ubisaml2.jar Metadata webapp\WEB-INF\uap -idp -f metadata.xml -y

...

The authentication method is added to the Ubisecure Directory by importing LDAP LDIF script files. Replace the dn and cn attributes with the name of the authentication method instance and use the following scripts to import the LDIF to Ubisecure Directory.

Code Block
languagetextthemeRDark
titleListing 10. Windows
cd /d "C:\Program Files\Ubisecure\httpheaderap"
c:\ubisecure\ldap\adam\import.cmd ldap\httpheaderap.ldif


Code Block
theme
languagetextRDark
titleListing 11. Linux
cd /usr/local/httpheaderap
sh /usr/local/ubisecure/ldap/openldap/import.sh ldap/httpheaderap.ldif


Code Block
languagetext
themeRDark
titleListing 12. Sample contents of httpheaderap.ldif
#
# HTTP Header Authentication Provider
# 
dn: cn=httpheaderap.ubilogin.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: add
cn: httpheaderap.ubilogin.1
objectClass: top
objectClass: ubiloginAuthMethod
ubiloginAuthMethodType: SAML
ubiloginClassname: ubilogin.method.provider.saml2.AssertionConsumerMethod
ubiloginEnabled: FALSE
ubiloginTitle: httpheaderap.ubilogin.1

...

Use the context parameter from Listing 13 in the HTTP Header Authentication Provider web.xml file and redeploy HTTP Header Authentication Provider to use the test page.

Code Block
languagetextthemeRDark
titleListing 13. Enable test page in httpheaderap/webapp/WEB-INF/web.xml
<context-param>
    <param-name>com.ubisecure.saml2.uap.testpage</param-name>
    <param-value>true</param-value>
</context-param>

...