Using Active Directory Authentication

To configure the Web Author Administration page to use authentication from an Active Directory server:

  1. Edit the shiro.ini file. Its location depends on your type of distribution:

    • WAR distribution: WEB-INF/shiro.ini
    • Windows/Linux/All Platforms: tomcat/webapps/oxygen-xml-web-author/WEB-INF/shiro.ini
  2. Disable the default user password authentication configuration by deleting the lines between "Start user-password admin auth config" and "End user-password admin auth config":
    # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    # Start user-password admin auth config:
    
    usersFileRealm = ro.sync.adminauth.userpassword.UserPasswordAdminRealm
    
    passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
    passwordService = ro.sync.adminauth.userpassword.PlainAndHashedPasswordService
    hashFormatFactory = ro.sync.adminauth.userpassword.PlainHashFormatFactory
    
    passwordService.hashFormatFactory = $hashFormatFactory
    passwordMatcher.passwordService = $passwordService 
    
    usersFileRealm.credentialsMatcher = $passwordMatcher
    
    securityManager.realms = $usersFileRealm
    
    authc = ro.sync.adminauth.userpassword.UserPasswordFormAuthFilter
    authc.loginUrl = /admin-login
    
    # End user-password admin auth config.
    # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  3. Uncomment the Active Directory authentication configuration by deleting the leading "#" characters from its setting lines, for example:
    # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    # Start Active Directory admin auth config:
    #
    activeDirectoryRealm = ro.sync.adminauth.ad.ActiveDirectoryRealm
    activeDirectoryRealm.url=ldap://<server-address>:389
    activeDirectoryRealm.principalSuffix=@my-company.ro
    activeDirectoryRealm.searchBase=CN=Users,DC=mycompany,DC=com
    activeDirectoryRealm.groupRolesMap="CN=Web Author Admins,DC=mycompany,DC=com":"admin"
    #
    activeDirectoryRealm.systemUsername=<user>
    activeDirectoryRealm.systemPassword=***
    #
    securityManager.realms = $activeDirectoryRealm
    #
    authc = ro.sync.adminauth.userpassword.UserPasswordFormAuthFilter
    authc.loginUrl = /admin-login
    #
    #
    # End Active Directory admin auth config.
    # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  4. Configure these settings according to your Active Directory server, where:

    • principalSuffix is usually the mail domain, so that you do not have to enter it in the login form.
    • CN=Users,DC=mycompany,DC=ro (the searchBase value) is a query used to search for the user.
    • CN=Web Author Admins,DC=mycompany,DC=ro (the group named in groupRolesMap) is the group that will have access to the Web Author Administration page.
Note:
The embedded license server does not support Active Directory authentication. The admin user for that license server is the one configured during the installation procedure.
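
A way to check the edited shiro.ini against steps 2 to 4 before restarting the server. This is an added example, not part of the Web Author documentation or product; the function names are hypothetical. The ldap:// check is a hardening addition beyond the procedure, and whether this realm accepts an ldaps:// URL is an assumption to confirm for your version.

```python
import re

# Sample placeholders from the documented AD block that must not survive step 4.
PLACEHOLDERS = {
    "activeDirectoryRealm.url": r"<server-address>",
    "activeDirectoryRealm.systemUsername": r"^<user>$",
    "activeDirectoryRealm.systemPassword": r"^\*+$",
}

def parse_active(text):
    """Collect {key: [values]} from lines that are not commented out."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def check_shiro_ini(text):
    """Return findings for steps 2-4 plus one transport hardening check."""
    s = parse_active(text)
    findings = []
    if "usersFileRealm" in s:
        findings.append("step 2: user-password realm is still defined")
    if "activeDirectoryRealm" not in s:
        findings.append("step 3: Active Directory realm is still commented out")
    realms = s.get("securityManager.realms", [])
    if realms != ["$activeDirectoryRealm"]:
        findings.append(f"securityManager.realms must be set once to $activeDirectoryRealm, found {realms}")
    for key, pattern in PLACEHOLDERS.items():
        if any(re.search(pattern, v) for v in s.get(key, [])):
            findings.append(f"step 4: {key} still holds the sample placeholder")
    if any(v.lower().startswith("ldap://") for v in s.get("activeDirectoryRealm.url", [])):
        findings.append("hardening: ldap:// has no TLS by itself; bind passwords may cross the network unencrypted")
    return findings

# Constructed sample: a half-edited file (step 2 skipped, AD block still commented).
SAMPLE = """\
usersFileRealm = ro.sync.adminauth.userpassword.UserPasswordAdminRealm
securityManager.realms = $usersFileRealm
#activeDirectoryRealm = ro.sync.adminauth.ad.ActiveDirectoryRealm
#activeDirectoryRealm.url=ldap://<server-address>:389
#securityManager.realms = $activeDirectoryRealm
"""

if __name__ == "__main__":
    for finding in check_shiro_ini(SAMPLE):
        print(finding)
```

An empty result means the default realm is gone, the Active Directory realm is the only one registered, and no sample placeholder is left in the file.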