Personalised authentication
This document describes how to set up a custom authentication valve for DigDash Enterprise.
Prerequisites
- Have the <Install DD>/add-ons/CustomAuthenticator folder containing all the files needed to set up the custom authentication valve in the DigDash Tomcat server. The placement of these files is described in this document.
- The following operations must be carried out with the DigDash server stopped.
Configuring the DigDash server
Copy the libraries
Copy the libraries and the log configuration file from the <install DD>/add-ons/CustomAuthenticator/tomcat folder to the Tomcat lib folder:
- under Linux: /usr/share/tomcat9/lib/
- under Windows: C:\Program Files\Apache Software Foundation\Tomcat 9.0\lib
Files to copy:
- commons-codec-1.15.jar
- commons-logging-1.2.jar
- custom_authenticator.jar
- httpclient-4.5.5.jar
- httpcore-4.4.9.jar
- httpmime-4.5.5.jar
- log4j-1.2-api-2.19.0.jar
- log4j-api-2.19.0.jar
- log4j-core-2.19.0.jar
Adding the custom authentication valve
Activate the custom authentication valve in the context.xml file, located:
- on Linux: /etc/tomcat9/context.xml
- on Windows: C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf
To do this, find the <Context ...> element in the file, then uncomment or add the <Valve ...> element below:
sharedPasswd="secret"
allowAddr=".*localhost.*,.*127.0.0.*"
portalUrl="<url>?login=${login}&token=${token}"
fallbackAuth="LDAP"
expectedResponse="OK" />
Legend: invariable value / variable value depending on installation
| Attribute | Description |
| className | Name of the Java class implementing the org.apache.catalina.Valve interface that is used as the Valve here. This attribute is mandatory, because it selects which Valve is used; Tomcat provides several implementations. |
| sharedPasswd | The shared password checked during authentication (see point II.5). |
| allowAddr | Regular expression(s) that the address used to send requests to the dashboard must match. Separate multiple regexes with commas. |
| portalUrl | The address of the user and token verification page. It can be either: (1) a single fixed URL, so that validation is always requested from one server: <protocol>://<host>:<port>/<context>/<path>?login=${login}&token=${token}; or (2) relative to the source that sent the access request to the dashboard, in which case give only the remaining path: <context>/<path>?login=${login}&token=${token}. In the second case the valve reads the Referer header of the incoming request to determine where to send the verification request. |
| fallbackAuth | Authentication method to use if the valve's authentication fails. |
| expectedResponse | Response returned by the verification page when authentication is valid (not case-sensitive). Any other response causes authentication to fail. |
| excludedPaths | Optional. Regular expressions for the paths whose resources are allowed to pass through the valve, which switches them to LDAP authentication mode. Example: "/.*" |
| print_debug | Optional. Defaults to false; add print_debug="true" for more verbose traces. |
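An added example (not DigDash code) that audits an allowAddr value before deployment, starting from the sample value shown in the Valve element above. It assumes the valve accepts an address when one pattern matches it in full and that the address is a bare host name or IP; the test addresses and STRICT_VALUE are constructed for illustration.

```python
import re

def parse_allow_addr(value):
    """Split a comma-separated allowAddr value into compiled regexes."""
    return [re.compile(p.strip()) for p in value.split(",") if p.strip()]

def is_allowed(patterns, addr):
    # Assumption: an address is accepted when one pattern matches it in full.
    return any(p.fullmatch(addr) for p in patterns)

def audit(value, must_allow, must_deny):
    """Return (wrongly_denied, wrongly_allowed) for an allowAddr value."""
    patterns = parse_allow_addr(value)
    wrongly_denied = [a for a in must_allow if not is_allowed(patterns, a)]
    wrongly_allowed = [a for a in must_deny if is_allowed(patterns, a)]
    return wrongly_denied, wrongly_allowed

PAGE_VALUE = ".*localhost.*,.*127.0.0.*"   # sample value from the Valve element
STRICT_VALUE = r"localhost,127\.0\.0\.1"   # hypothetical tighter value

# Constructed test addresses: what the deployment intends to accept and reject.
MUST_ALLOW = ["localhost", "127.0.0.1"]
MUST_DENY = ["notlocalhost.example.com", "10.127.0.0", "127x0y0.example.com"]

if __name__ == "__main__":
    for label, value in (("page sample", PAGE_VALUE), ("strict", STRICT_VALUE)):
        denied, allowed = audit(value, MUST_ALLOW, MUST_DENY)
        print(f"{label}: {value}")
        print(f"  expected addresses rejected: {denied or 'none'}")
        print(f"  unexpected addresses accepted: {allowed or 'none'}")
```

The unescaped dots and the leading and trailing .* are what let the unexpected addresses through; escape literal dots and drop the wildcards unless the deployment needs them.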
Adding security constraints
Uncomment or add the security constraints in the web.xml file, located:
- on Linux: /etc/tomcat9/
- on Windows: C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf
...
  <security-role>
    <role-name>CUSTOM</role-name>
  </security-role>
  <security-constraint>
    <display-name>CUSTOM Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>CUSTOM</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Non-Protected Area</web-resource-name>
      <url-pattern>/vjdbc</url-pattern>
    </web-resource-collection>
  </security-constraint>
...
</web-app>
Application configuration
Modify the digdash.properties file located in <install DD>, in /etc/digdash, or in the folder you have configured.
Server configuration (ddenterprise.war)
In the digdash.properties file:
In the ddenterpriseapi.war box, find and uncomment the following lines with the values shown:
Dashboard configuration (digdash_dashboard.war)
In the digdash.properties file:
In the digdash_dashboard.war box, find and uncomment the following lines with the values shown:
digdash_dashboard.DOMAIN=ddenterpriseapi
digdash_dashboard.FORCEDOMAIN=true
digdash_dashboard.FORCESERVERURL=true
digdash_dashboard.sharedPasswd=<the value of the sharedPasswd attribute in the Valve element>
Studio configuration (studio.war)
In the digdash.properties file:
In the studio.war box, find and uncomment the following lines with the values shown:
studio.DOMAIN=ddenterpriseapi
studio.FORCEDOMAIN=true
studio.FORCESERVERURL=true
studio.PUBLICSERVERURL=<your public URL>
studio.sharedPasswd=<the value of the sharedPasswd attribute in the Valve element>