Problem:
How do we configure OverOps so that users can log in with their LDAP SSO account and access all environments?
Solution:
The following template contains every setting needed to authenticate users via LDAP while leaving authorization to OverOps.
Note: All settings must be configured in the my.server.properties file located in the /<INSTALL_PATH>/takipi-server/conf/tomcat/shared/ directory.
GLOBAL_DOMAIN_AUTH_ENABLED=true
GLOBAL_DOMAIN_AUTH_TYPE=LDAP
GLOBAL_DOMAIN_AUTH_LDAP_URL=ldap://<LDAP_server_address>
GLOBAL_DOMAIN_AUTH_LDAP_BIND_USER=cn=<bind_user>,dc=<domain>,dc=com
GLOBAL_DOMAIN_AUTH_LDAP_BIND_PASSWORD=<bind_password>
GLOBAL_DOMAIN_AUTH_LDAP_BASE_DN=dc=<domain>,dc=com
GLOBAL_DOMAIN_AUTH_LDAP_USERS_QUERY=(<ldap_attribute_name>=?)
LDAP_SAML_EMAIL_FIELD_NAMES=email;mail
LDAP_SAML_FIRSTNAME_FIELD_NAMES=gn;givenName;firstName
LDAP_SAML_LASTNAME_FIELD_NAMES=sn;surName;lastName
LDAP_SAML_PHONE_FIELD_NAMES=telephoneNumber;phone;telephone;phoneNumber
GLOBAL_DOMAIN_INITIALIZER=<email_of_environment_owner>
Explanation:
With this setup, users are authenticated via LDAP and granted access to the OverOps website.
The domain initializer is the owner of all available environments; every environment should be owned by this same email address so that all of them are eligible to have access granted.
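As an added example (not OverOps' own tooling), a small Python lint that reads my.server.properties, checks that every key in the template above is present with its placeholder replaced, that the users query carries the single ? substitution point, and warns when the URL is cleartext ldap://. The hostname, bind user, sAMAccountName attribute and owner address are constructed sample values, and whether OverOps accepts an ldaps:// URL is an assumption this page does not confirm.

```python
import re
# The template from this page, verbatim; its keys define what a complete LDAP section needs.
TEMPLATE = """\
GLOBAL_DOMAIN_AUTH_ENABLED=true
GLOBAL_DOMAIN_AUTH_TYPE=LDAP
GLOBAL_DOMAIN_AUTH_LDAP_URL=ldap://<LDAP_server_address>
GLOBAL_DOMAIN_AUTH_LDAP_BIND_USER=cn=<bind_user>,dc=<domain>,dc=com
GLOBAL_DOMAIN_AUTH_LDAP_BIND_PASSWORD=<bind_password>
GLOBAL_DOMAIN_AUTH_LDAP_BASE_DN=dc=<domain>,dc=com
GLOBAL_DOMAIN_AUTH_LDAP_USERS_QUERY=(<ldap_attribute_name>=?)
LDAP_SAML_EMAIL_FIELD_NAMES=email;mail
LDAP_SAML_FIRSTNAME_FIELD_NAMES=gn;givenName;firstName
LDAP_SAML_LASTNAME_FIELD_NAMES=sn;surName;lastName
LDAP_SAML_PHONE_FIELD_NAMES=telephoneNumber;phone;telephone;phoneNumber
GLOBAL_DOMAIN_INITIALIZER=<email_of_environment_owner>
"""

def parse_properties(text):
    """Minimal Java .properties reader: one KEY=VALUE per line, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")  # values may themselves contain '='
            props[key.strip()] = value.strip()
    return props

def lint_ldap_config(props):
    """Return (errors, warnings): errors will break LDAP login, warnings are security risks."""
    errors, warnings = [], []
    for key in parse_properties(TEMPLATE):  # every key on the page's template
        value = props.get(key)
        if value is None or re.search(r"<[^>]*>", value):
            errors.append(f"{key} is missing or still holds a <template> placeholder")
    url = props.get("GLOBAL_DOMAIN_AUTH_LDAP_URL", "")
    if url.startswith("ldap://"):  # simple bind sends the password unencrypted
        warnings.append("ldap:// is cleartext; the bind password is exposed on the network")
    elif not url.startswith("ldaps://"):  # assumes OverOps accepts ldaps:// (not stated on the page)
        errors.append("GLOBAL_DOMAIN_AUTH_LDAP_URL must start with ldap:// or ldaps://")
    if props.get("GLOBAL_DOMAIN_AUTH_LDAP_USERS_QUERY", "").count("?") != 1:
        errors.append("USERS_QUERY needs exactly one '?' where the login name is substituted")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", props.get("GLOBAL_DOMAIN_INITIALIZER", "")):
        errors.append("GLOBAL_DOMAIN_INITIALIZER must be the owner's email address")
    return errors, warnings

# Constructed sample: the template filled in, except that the bind password placeholder was left behind.
SAMPLE = (TEMPLATE.replace("<LDAP_server_address>", "ldap.example.com")
          .replace("<bind_user>", "svc-overops").replace("<domain>", "example")
          .replace("<ldap_attribute_name>", "sAMAccountName")
          .replace("<email_of_environment_owner>", "owner@example.com"))
```

Run `lint_ldap_config(parse_properties(open(path).read()))` against the real file before restarting the server; an empty error list means every template key is filled in.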
For additional information on the use of these fields, please review the following doc:
Configure LDAP for On-Premises Deployments
For an explanation of each parameter used above, refer to the following docs:
On Premises Configuration of LDAP
4.53 SAML Security Updates