WINAP adding the authentication method manually - SSO
Although the method can be added through the user interface, it can be added manually using the instructions below.
These techniques will enable automated scripting that may be desirable in a development or multitenant service center environment.
Preparing the Authentication Method LDIF File
To use Windows Authentication Provider you must add a Windows Authentication Provider object to your Ubisecure Directory. The file methods-ad.ldif contains an entry which has been prepared with the correct path in the LDAP hierarchy of the Ubisecure Directory installation. By default, this file will be in the directory C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap (Windows environments) or /usr/local/ubisecure/ldap (Linux environments).
Locate the block marked Windows Authentication Provider within the LDIF file and copy it into a separate LDIF file (e.g., windows-ap.ldif). Be careful to insert a line break after the last character of the last line.
# Generic Authentication Provider
dn: cn=windows.localdomain.1,cn=Server,ou=System,cn=Ubilogin,dc=localhost
changetype: add
cn: windows.localdomain.1
objectClass: top
objectClass: ubiloginAuthMethod
ubiloginAuthMethodType: Agent
ubiloginClassname: ubilogin.method.provider.UbiloginAgentV0Method
ubiloginEnabled: FALSE
ubiloginTitle: Windows Localdomain
As this is a general-purpose LDIF block, some attributes will have to be separately configured for the Ubisecure Windows Authentication Provider.
- cn: windows.localdomain.1 – Replace “localdomain” with the name of the domain that hosts the Windows Authentication Provider. If there are multiple Ubisecure Windows Authentication Providers for this domain, increment the number at the end as needed.
- dn: cn=windows.localdomain.1,... – Modify this value so that the cn component matches the value configured in the “cn” attribute.
- ubiloginTitle: Windows Localdomain – This value is a friendly name that will be shown in the Ubisecure Management application. Replace the value “Windows Localdomain” with something more significant, like “Windows SSO for localdomain”.
Importing the Authentication Method LDIF File to Ubisecure Directory
Use the Ubisecure Directory import script to import the winagent.ldif into your directory.
Linux:
cd /usr/local/ubisecure/ubilogin-sso/ubilogin/ldap
sh openldap/import.sh windows-ap.ldif
Windows:
cd /d "c:\Program Files\Ubisecure\ubilogin-sso\ubilogin\ldap"
adam\import.cmd windows-ap.ldif
After executing the import script, the Authentication Provider object is created in your Ubisecure Directory. You may now proceed with configuring this authentication method for use in the Ubisecure Server Management application.
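For scripted or multitenant deployments, the LDIF file can be generated and checked before it is passed to the import script. The following is an added example, not part of the Ubisecure documentation or tooling; the function names and arguments are hypothetical, and only the attribute values come from the block shown above. It rejects domain and title values that would change the DN or inject extra attributes, keeps the cn in the dn and the cn attribute identical, and ends the file with a line break.

```sh
# Added example: generate and sanity-check windows-ap.ldif for scripted imports.
# make_winap_ldif DOMAIN INDEX TITLE  -> writes the LDIF entry to stdout
make_winap_ldif() {
    domain=$1 index=$2 title=$3
    # Allow DNS-style names only: a comma, '=' or line break in the domain
    # would alter the DN or smuggle extra attributes into the entry.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    case $index in
        ''|*[!0-9]*) echo "invalid index: $index" >&2; return 1 ;;
    esac
    # The title is free text, but it must stay on one line and must not start
    # with a character that LDIF treats specially (space, ':' or '<').
    case $title in
        ''|*'
'*|' '*|:*|'<'*) echo "invalid title" >&2; return 1 ;;
    esac
    cn="windows.$domain.$index"
    # printf terminates every line, including the last, with a line break.
    printf '%s\n' \
        "dn: cn=$cn,cn=Server,ou=System,cn=Ubilogin,dc=localhost" \
        "changetype: add" \
        "cn: $cn" \
        "objectClass: top" \
        "objectClass: ubiloginAuthMethod" \
        "ubiloginAuthMethodType: Agent" \
        "ubiloginClassname: ubilogin.method.provider.UbiloginAgentV0Method" \
        "ubiloginEnabled: FALSE" \
        "ubiloginTitle: $title"
}

# check_winap_ldif FILE -> status 0 if the cn in the dn matches the cn
# attribute and the file ends with a line break, non-zero otherwise.
check_winap_ldif() {
    dn_cn=$(sed -n 's/^dn: cn=\([^,]*\),.*/\1/p' "$1")
    attr_cn=$(sed -n 's/^cn: //p' "$1")
    [ -n "$dn_cn" ] && [ "$dn_cn" = "$attr_cn" ] || return 1
    [ -z "$(tail -c 1 "$1")" ]   # command substitution strips a final newline
}
```

Typical use is `make_winap_ldif localdomain 1 "Windows SSO for localdomain" > windows-ap.ldif`, followed by `check_winap_ldif windows-ap.ldif` before running the import script.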