Customize the Airlock Configuration Center authentication

This article describes how to customize the Airlock Configuration Center Authentication for Airlock Gateway, e.g. to attach an external LDAP user directory. Use the manual of the Airlock Authentication Service for reference.

To customize the Airlock Authentication Service, follow these instructions:

• Either copy the actual file "authenticator.properties" from directory "/opt/airlock/mgt-tomcat/webapps/auth/WEB-INF/classes" to "/opt/airlock/custom-settings/mgt-auth/"
  or
  Download the appropriate file "authenticator.properties" attached to this document and upload it to "/opt/airlock/custom-settings/mgt-auth/" e.g. with WinSCP as root.

• Edit and customize the file "authenticator.properties" e.g. for authenticate on LDAP Server. Have a look on section "Example" below.

• Set permissions on the file with following commands as user root:

Activate the new configuration

To activate the new configuration, use a root shell and restart the corresponding service:

Check if service is running with the following command:

Backup

Manually backup the customized file /opt/airlock/custom-settings/mgt-auth/authenticator.properties".

Example

An example, which combines local and LDAP users, is attached in authenticator.properties. Change the placeholders like "<text>" with the corresponding value.

• The LDAP users must be members of at least one group "airlock-supervisor", "airlock-administrator", "airlock-auditor" or "airlock-app-admin". The names of these groups are used as role names in the Configuration Centers permission model. Please refer to the Airlock Gateway documentation for a concise overview of the administrator roles.

• The example is not able to change a users password out of the Airlock configuration center.