Edit online

Using Active Directory Authentication

To configure the Web Author Administration page to use authentication from an Active Directory server, you need to edit the shiro.ini file located in the following location depending on your type of distribution:

  • WAR distribution: WEB-INF/shiro.ini
  • Windows/Linux/All Platforms: tomcat/webapps/oxygen-xml-web-author/WEB-INF/shiro.ini

Replace the line:

usersFileRealm = ro.sync.auth.PropertiesRealmWithDefaultUsersFile 

with some lines like this:

usersFileRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
usersFileRealm.url=ldap://<server-address>:389
usersFileRealm.principalSuffix=@my-company.ro
usersFileRealm.searchBase=CN=Users,DC=mycompany,DC=com
usersFileRealm.groupRolesMap="CN=Web Author Admins,DC=mycompany,DC=com":"admin"

usersFileRealm.systemUsername=<user>
usersFileRealm.systemPassword=***

where

  • principalSuffix is usually the mail domain so that you do not have to enter it in the login form.
  • CN=Users,DC=mycompany,DC=com is a query used to search for the user.
  • CN=Web Author Admins,DC=mycompany,DC=com is the group that will have access to the Web Author Administration page.
Note: The embedded license server does not support Active Directory authentication. The admin user for that license server is the one configured during the installation procedure.