CAST AIC Portal is unsupported. We encourage you to switch to AIP Console.

Target audience:

CAST Administrators

Summary: this page describes how to encrypt logins and passwords when configuring LDAP authentication for the CAST AIC Portal.

Introduction

This document assumes that you already have a working connection to your CAST AIC Portal.


Encrypting access to an LDAP server

security.ldap.account.dn=cn=serviceaccount,dc=example,dc=com
security.ldap.account.password=password

To avoid storing the LDAP account DN and password in clear text like this, proceed as follows:

  • Browse to the following URL to access the built-in login/password key generation page:
http://<server>:[<port>]/CAST-AICP/static/key.html
  • Log in with any CAST AIC Portal user (whether Default Authentication / Active Directory / LDAP).

  • Once authenticated, enter the credentials (login and password) for your LDAP server that you wish to encrypt. These are the credentials you would ordinarily enter into the security.properties file when configuring LDAP mode.

  • Now click the Encrypt button. CAST will then generate a key that relates to the credentials you entered.

  • You now need to copy this key to the clipboard or to a text file.
  • Now open the following file with a text editor:
%CATALINA_HOME%\webapps\CAST-AICP\WEB-INF\security.properties
  • Locate the following section in the file:
# Parameters for ldap mode
# ------------------------
security.ldap.url=ldap://directory.example.com/
security.ldap.account.dn=cn=serviceaccount,dc=example,dc=com
security.ldap.account.password=password
security.ldap.account.key=
security.ldap.usersearch.base=dc=example,dc=com
security.ldap.usersearch.filter=(&(objectClass=inetOrgPerson)(uid={0}))
security.ldap.groupsearch.base=dc=example,dc=com
security.ldap.groupsearch.filter=(&(objectClass=groupOfNames)(member={0}))
  • First remove the two lines containing the security.ldap.account.dn and security.ldap.account.password parameters.
  • Then enter the key generated previously as the value of the security.ldap.account.key parameter.
  • This should give you the following:
# Parameters for ldap mode
# ------------------------
security.ldap.url=ldap://directory.example.com/
security.ldap.account.key=CRYPTED2:A9762B77F8A5B6C0A885BABD58DFA1438D77A51B94ECA09
security.ldap.usersearch.base=dc=example,dc=com
security.ldap.usersearch.filter=(&(objectClass=inetOrgPerson)(uid={0}))
security.ldap.groupsearch.base=dc=example,dc=com
security.ldap.groupsearch.filter=(&(objectClass=groupOfNames)(member={0}))
  • Save the file.
  • Restart the CAST AIC Portal web application.
  • Now reload your CAST AIC Portal and ensure you can log in and view the data you need.
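
The file edit from the steps above, written as an added example (not CAST's own tooling): apply_key removes the two clear-text lines and sets the key, and audit reports whether a security.properties file still exposes the service account. The function names are hypothetical, and the "CRYPTED2:" plus hexadecimal key shape is an assumption taken from the sample key on this page.

```python
import re

# Property names and sample values come from the page. The "CRYPTED2:" + hex
# key shape is assumed from the page's sample; only name=value lines are handled.
CLEARTEXT = ("security.ldap.account.dn", "security.ldap.account.password")
KEY_PROP = "security.ldap.account.key"
KEY_RE = re.compile(r"CRYPTED2:[0-9A-F]+")
KEY = "CRYPTED2:A9762B77F8A5B6C0A885BABD58DFA1438D77A51B94ECA09"
SAMPLE = """\
# Parameters for ldap mode
security.ldap.url=ldap://directory.example.com/
security.ldap.account.dn=cn=serviceaccount,dc=example,dc=com
security.ldap.account.password=password
security.ldap.account.key=
"""

def parse(line):
    """Return (name, value), or None for comments, blanks and other lines."""
    s = line.strip()
    if not s or s[0] in "#!" or "=" not in s:
        return None
    name, value = s.split("=", 1)
    return name.strip(), value.strip()

def apply_key(text, key):
    """Remove the cleartext DN/password lines and set the generated key."""
    if not KEY_RE.fullmatch(key):
        raise ValueError("value does not look like a generated key")
    out, written = [], False
    for line in text.splitlines():
        prop = parse(line)
        if prop and prop[0] in CLEARTEXT:
            continue                       # drop the dn and password lines
        if prop and prop[0] == KEY_PROP:
            if written:
                continue                   # keep a single key line
            line, written = f"{KEY_PROP}={key}", True
        out.append(line)
    if not written:
        out.append(f"{KEY_PROP}={key}")    # section had no key line at all
    return "\n".join(out) + "\n"

def audit(text):
    """Return findings that mean the file still needs attention."""
    props = [p for p in map(parse, text.splitlines()) if p]
    found = [f"cleartext value in {n}" for n, v in props if n in CLEARTEXT and v]
    keys = [v for n, v in props if n == KEY_PROP]
    if not keys or not KEY_RE.fullmatch(keys[-1]):
        found.append(f"{KEY_PROP} is empty or not a generated key")
    return found
```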

