Customize the Airlock Configuration Center authentication

This article describes how to customize the Airlock Configuration Center Authentication for Airlock WAF, e.g. to attach an external LDAP user directory.

To customize the Airlock Authentication Service, follow these instructions:

• Either copy the actual file "authenticator.properties" from directory "/opt/airlock/mgt-tomcat/webapps/auth/WEB-INF/classes" to "/opt/airlock/custom-settings/mgt-auth/"
  or
  Download the appropriate file "authenticator.properties" attached to this document and upload it to "/opt/airlock/custom-settings/mgt-auth/" e.g. with WinSCP as root.

• Edit and customize the file "authenticator.properties" e.g. for authenticate on LDAP Server. Have a look on section "Example" below.

• Set permissions on the file with following commands as user root:

Activate the new configuration

To activate the new configuration, use a root shell and restart the corresponding service:

For Airlock 5.x and 6.x:

For Airlock 7.x and newer:

Check if service is running with the following command:

With Airlock 5.x and 6.x: 

With Airlock 7.x and newer:

Backup

Manually backup the customized file /opt/airlock/custom-settings/mgt-auth/authenticator.properties".

Example

An example, which combines local and LDAP users, is attached in authenticator.properties. Change the placeholders like "<text>" with the corresponding value.

• The LDAP users must be members of at least one group "airlock-supervisor", "airlock-administrator", "airlock-auditor" or "airlock-app-admin". The names of these groups are used as role names in the Configuration Centers permission model. Please read article Administration Roles for a description of these roles.

• The example is not able to change a users password out of the Airlock configuration center.