Customize the Airlock Configuration Center authentication

Affects version(s): 7.x, 6.x, 5.x

This article describes how to customize the Airlock Configuration Center Authentication for Airlock WAF, e.g. to attach an external LDAP user directory.

The manual for the standard Airlock Authentication Service can be used as a reference for the configuration. Essentially every authentication scheme supported by the Airlock Authentication Service is supported here as well.

To customize the Airlock Authentication Service, follow these instructions:

  • Either copy the current file "authenticator.properties" from the directory "/opt/airlock/mgt-tomcat/webapps/auth/WEB-INF/classes" to "/opt/airlock/custom-settings/mgt-auth/"
    or
    download the appropriate file "authenticator.properties" attached to this document and upload it to "/opt/airlock/custom-settings/mgt-auth/", e.g. with WinSCP as root.

  • Edit and customize the file "authenticator.properties", e.g. to authenticate against an LDAP server. See the section "Example" below.

  • Set the permissions on the file with the following commands as user root:

# chown fown:alec authenticator.properties
# chmod 040 authenticator.properties

Activate the new configuration

To activate the new configuration, use a root shell and restart the corresponding service:

For Airlock 5.x and 6.x:

# service airlock-mgt-tomcat restart

For Airlock 7.x and newer:

# systemctl restart airlock-mgt-tomcat.service

Check whether the service is running with the following command:

With Airlock 5.x and 6.x: 

# service airlock-mgt-tomcat status

With Airlock 7.x and newer:

# systemctl status airlock-mgt-tomcat.service

Backup

Manually back up the customized file "/opt/airlock/custom-settings/mgt-auth/authenticator.properties".

Example

An example that combines local and LDAP users is attached as authenticator.properties. Replace placeholders such as "<text>" with the corresponding values.

  • The LDAP users must be members of at least one of the groups "airlock-supervisor", "airlock-administrator", "airlock-auditor" or "airlock-app-admin". The names of these groups are used as role names in the Configuration Center's permission model. Please read the article Administration Roles for a description of these roles.
  • The example does not support changing a user's password from within the Airlock Configuration Center.
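
A pre-restart check for the permission step and the placeholder note above, as an added example that is not part of the original article or of Airlock's own tooling: it verifies that the file has the owner, group and mode set by the chown/chmod commands and that no "<text>"-style placeholder is left in it. It assumes GNU stat and a root shell; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Pre-restart check for the customized file.
# Owner, group and mode defaults are taken from the chown/chmod commands above.
# Assumptions: GNU stat (Linux); placeholders have the form "<text>";
# lines starting with "#" or "!" are properties-file comments.

# check_perms FILE OWNER:GROUP MODE -> 0 when owner, group and mode all match
check_perms() {
    want_mode=$(printf '%o' "0$3")   # normalise "040" to "40" as stat prints it
    actual=$(stat -c '%U:%G %a' "$1" 2>/dev/null) || {
        echo "cannot stat $1" >&2; return 1; }
    if [ "$actual" != "$2 $want_mode" ]; then
        echo "$1 is '$actual', expected '$2 $want_mode'" >&2
        return 1
    fi
}

# count_placeholders FILE -> prints the number of non-comment lines that
# still contain a "<...>" placeholder
count_placeholders() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    grep -v '^[[:space:]]*[#!]' "$1" | grep -c '<[^<>]*>' || true
}

# preflight FILE [OWNER:GROUP] [MODE] -> 0 when the file is ready to activate
preflight() {
    check_perms "$1" "${2:-fown:alec}" "${3:-040}" || return 1
    left=$(count_placeholders "$1") || return 1
    if [ "$left" -ne 0 ]; then
        echo "$left line(s) in $1 still contain a <placeholder>" >&2
        return 1
    fi
    echo "OK: $1"
}

# Run as root, passing the file path, before restarting airlock-mgt-tomcat.
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

The placeholder match is a heuristic: a legitimate value that contains a "<...>" sequence is reported as well and has to be reviewed by hand.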
