Simple LDAP Identity Provider Wizard
The Simple LDAP Identity Provider Wizard helps you create or edit a Simple LDAP Identity Provider.
There is only one step to the wizard. Complete it as follows:
Setting | Description |
---|---|
Provider Name | Enter a descriptive name for the LDAP Identity Provider. This name appears in the [ Identity Providers ] tab and on the Search Identity Providers dialog. |
LDAP URLs | |
Use Client Authentication | Select this check box to present a certificate to the server during the SSL handshake if the server requests one. Clear this check box to never present a certificate, even if one is requested; note that the server may deny access in this case. When Client Authentication is enabled, the specified key is used when connecting to an LDAP server over any ldaps connection. If there are no ldaps connections, the Client Authentication options have no effect. |
Auth DN Prefix / Auth DN Suffix | Optionally enter a prefix and/or a suffix for the authorization DN. The DN prefix and suffix are combined with the client-provided username to produce a DN. The Gateway then attempts to bind with this DN and the client-provided password to check whether the client-provided username is authenticated. Example: The CA API Gateway is configured with the prefix "CN=" and the suffix ",OU=Sales,O=Layer 7". At runtime, a request arrives with HTTP credentials username=bob, password=secret!123. The username is used to build the DN: CN=bob,OU=Sales,O=Layer 7. The CA API Gateway then issues a "bind" request to the LDAP server using this DN and the password "secret!123". If the prefix and suffix are omitted, the CA API Gateway uses the raw login name as the login for the authentication bind. The client-provided username must match the regular expression defined in the ldap.simple.username.pattern cluster property before it can be used to produce a DN. |
Reconnect Timeout | This is the amount of time that must pass before the Gateway attempts to reconnect to an LDAP Host URL that failed. The availability of this field depends on the Use System Default setting: |
Security Zone | Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose " No security zone ". For more information about security zones, see Understanding Security Zones. This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones). |
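The following is an added example (not part of this page and not the Gateway's own code) that models two rows of the table above: how the Auth DN Prefix and Auth DN Suffix are wrapped around a client-provided username only after the username passes the ldap.simple.username.pattern check, and how a Reconnect Timeout keeps a failed LDAP Host URL out of rotation until the timeout has elapsed. The regular expression used here is an assumption standing in for the cluster property (the page does not give its actual value), the `ReconnectTracker` class is a constructed model, and the injectable `clock` parameter exists only so the behaviour can be checked without waiting.

```python
import re
import time
from typing import Callable, Dict, List, Optional

# Assumed stand-in for the ldap.simple.username.pattern cluster property.
# The real value is not given on this page. This constructed pattern admits only
# letters, digits, dots, hyphens and underscores, so DN metacharacters such as
# ',', '=', '+', '"', '\\', '<', '>' and ';' can never be spliced into the bind DN.
USERNAME_PATTERN = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def build_bind_dn(username: str, prefix: str = "", suffix: str = "",
                  pattern: re.Pattern = USERNAME_PATTERN) -> Optional[str]:
    """Return the DN the gateway would bind with, or None if the username
    fails the pattern check and therefore must be rejected before any bind.

    With both prefix and suffix empty, the raw login name is used as-is,
    as the wizard describes."""
    if not pattern.fullmatch(username):
        return None
    if not prefix and not suffix:
        return username
    return f"{prefix}{username}{suffix}"


class ReconnectTracker:
    """Constructed model of the Reconnect Timeout: a host URL that failed is
    not offered for reconnection until `reconnect_timeout_s` has elapsed."""

    def __init__(self, urls: List[str], reconnect_timeout_s: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.urls = list(urls)
        self.timeout = reconnect_timeout_s
        self.clock = clock                 # injectable for testing; defaults to monotonic time
        self.failed_at: Dict[str, float] = {}

    def mark_failed(self, url: str) -> None:
        """Record the moment a connection attempt to `url` failed."""
        self.failed_at[url] = self.clock()

    def is_eligible(self, url: str) -> bool:
        """True if `url` never failed or its reconnect timeout has expired."""
        failed = self.failed_at.get(url)
        return failed is None or (self.clock() - failed) >= self.timeout

    def candidates(self) -> List[str]:
        """Host URLs, in configured order, that may be contacted right now."""
        return [u for u in self.urls if self.is_eligible(u)]


if __name__ == "__main__":
    # The page's worked example: prefix "CN=", suffix ",OU=Sales,O=Layer 7", user "bob".
    print(build_bind_dn("bob", "CN=", ",OU=Sales,O=Layer 7"))
    # A username carrying DN syntax fails the pattern and is never turned into a DN.
    print(build_bind_dn("bob,OU=Admins", "CN=", ",OU=Sales,O=Layer 7"))

    tracker = ReconnectTracker(["ldaps://ldap1.example:636", "ldaps://ldap2.example:636"], 30.0)
    tracker.mark_failed("ldaps://ldap1.example:636")
    print(tracker.candidates())   # only ldap2 until 30 s have passed
```

The pattern check runs before the prefix and suffix are applied, which is the property worth preserving in any deployment: the regular expression decides what can appear between "CN=" and ",OU=Sales,O=Layer 7", so a permissive pattern turns the username into a way of altering which entry the bind targets.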
Testing the Configuration
You can click [ Test ] to verify the configuration before completing the wizard. You are prompted to enter the login credentials to the LDAP server. If the credentials and configuration are correct, you should see a message validating the configuration of the Simple LDAP Identity Provider. If an error message displays instead, note the configuration problems and take the appropriate corrective actions:
Configuration Error | Suggested Solution |
---|---|
Connection error | Verify that all connection details in the wizard are correct. |
Test credentials rejected | Verify that the login credentials for the LDAP server have been entered correctly and then try again. |
Repeat the testing and fixing until no more errors appear.
The new Simple LDAP Identity Provider appears in the [ Identity Providers ] tab.