Enabling Custom Authentication

How to:

Trading Partner Manager provides its own schema for custom authentication and authorization. In most cases this is the only schema you will need.

In some cases customers want to use their own authentication module instead of going through TPM's authentication module. In this case, authentication is handled through iWay Authentication Realms together with Basic or process authentication.

When custom authentication is enabled, users will not get the iWay TPM 6.X login form. Instead, they will get the browser's basic authentication window. How the basic authentication window looks depends on the browser being used, but all browsers provide two fields: one for a user ID and another for a password. Users are not authenticated against the TPM database; they are authenticated against the Authentication Realm that the TPM/iWay administrator assigned to the TPM channel in the iWay console.

This section covers how to set up Active Directory authentication for TPM. The same steps apply to any of the Authentication Realms supported by iSM 6.X.

Before going on, check to make sure of the following:

  1. That TPM is installed properly and the TPM channel is active, as shown in the following image.

  2. That users are able to authenticate through TPM authentication, as shown in the following image.


Procedure: How to Use Active Directory as an Authentication Provider

To use Active Directory as an authentication provider:

  1. Add an Active Directory user as admin by performing the following steps.

    Note: TPM sets up one default admin user for authentication, with the user ID "admin" and the password "iway". Since TPM always needs one admin user in the system, that admin user name must be changed to match a user name in Active Directory. Users can be changed or updated on the user administration screen.

    1. Log in to TPM using the default admin user ID and password.

      Note: Users who log in to TPM without admin privileges will not see the Administration tab.

    2. Navigate to the Administration tab and select a user with Administration rights. Click the View and Edit button. The following window opens.

    3. Change the User Name to one of the user names in Active Directory (for example, vj11652) and click Save Users Information.

      This changes the user information and updates the Data Grid with the new user name, as shown in the following image.

      At this point the user information is in the database, but the channel has not yet been updated to bypass TPM authentication and use Active Directory authentication.

  2. Create a Directory Provider by performing the following steps.
    1. Open the iSM console and navigate to Server, Directory Provider, New. The following page opens.

    2. Provide the following information for connecting to the IBI LDAP server:
      • Name: (any valid name) IBILDAPProvider.

      • URL: URL of the LDAP server. One of the IBI LDAP servers is running at ldap://ibidca:389/dc=ibi,dc=com

      • Pool Size: Keep this at 5.

      • User ID: A valid user ID for connecting to the LDAP server. The IBI server has the user ID iwayqa@ibi.com

      • Password: A valid password for connecting to the LDAP server.

    3. Once all this information is provided, click Test to check that the LDAP connection is valid. The following window opens if the test is successful.

    4. Click Save and go back to the Directory Provider page. The page should list the provider created above, as shown in the following image.

  3. Create an Active Directory Realm by performing the following steps.
    1. Open the iSM console and navigate to Server, Authentication Realms, New, Realm Type, ldaprealm. The following page opens:

    2. To use the IBI Active Directory as an authentication realm, provide the following information:
      • Name: (any valid name) ibiRealm. Note this name, because it is referenced later in this exercise.

      • LDAP Provider: The name of the LDAP Provider created in the previous step.

      • User Base Context: The context under which the user name search is performed. Use OU=COR for this exercise.

      • User Search Filter: The search filter used to find the user. Use sAMAccountName={0} for this exercise.

      Once completed, the settings look like the following.

      Save the settings and return to the Authentication Realms page. It should display the realm created above, as shown in the following image.

  4. Update the TPM Channel and Listener by performing the following steps.
    1. Navigate to Registry, Listeners, TPMListener. The following page is displayed.

    2. Change the Authentication Scheme to httpbasic (Digest Auth will also work) and the Authentication Realm to ibirealm.

    3. Click Update to update the listener settings.
    4. Build and deploy the channel.
  5. Open TPM (http://localhost:8089/index.html) in a web browser. This brings up a basic authentication screen, as shown in the following image. Provide the user name and password.

    Once authenticated, the following screen is displayed, informing the user that they are authenticated and that TPM is loading.

    At this point TPM authentication is disabled and all users are authenticated through Active Directory.

    Once TPM is loaded, note that if the user is not part of TPM administration, the "Administration" tab is not displayed. Basic authentication is browser-based authentication, which means a logout option is not displayed either, as shown in the following image.

    Administrators will see the "Administrator" tab, allowing them to add more users with Administrator privileges.
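The realm in step 3 substitutes the login name typed into the browser's basic authentication window into the User Search Filter (sAMAccountName={0}) and searches under the User Base Context of the Directory Provider from step 2. The following added example, written for this page and not part of iSM or TPM, shows what that lookup resolves to for a given login name and why the substituted value must be escaped per RFC 4515 so that filter metacharacters in a login name are treated as data rather than as filter syntax. It assumes that the realm searches under the User Base Context appended to the base DN of the provider URL; how iSM itself combines them is not stated on this page.

```python
import re
from urllib.parse import urlsplit

PROVIDER_URL = "ldap://ibidca:389/dc=ibi,dc=com"  # Directory Provider URL from step 2
USER_BASE_CONTEXT = "OU=COR"                       # realm User Base Context from step 3
USER_SEARCH_FILTER = "sAMAccountName={0}"          # realm User Search Filter from step 3

# RFC 4515 escapes for the characters that are special inside an LDAP filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it is matched literally instead of altering the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_provider_url(url):
    """Split a directory-provider URL into (host, port, base DN)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported scheme: %s" % parts.scheme)
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.hostname, port, parts.path.lstrip("/")


def build_search(user_id, url=PROVIDER_URL, base_context=USER_BASE_CONTEXT,
                 filter_template=USER_SEARCH_FILTER):
    """Return the search base and filter the realm would use for one login name."""
    if not user_id or len(user_id) > 64 or re.search(r"\s", user_id):
        raise ValueError("empty, over-long or whitespace-containing user id")
    host, port, base_dn = parse_provider_url(url)
    # Assumption: the realm searches under base context + provider base DN.
    search_base = "%s,%s" % (base_context, base_dn) if base_context else base_dn
    # Escape before substitution: "{0}" receives data, never filter syntax.
    search_filter = "(" + filter_template.replace("{0}", escape_filter_value(user_id)) + ")"
    return {"host": host, "port": port, "search_base": search_base, "filter": search_filter}


if __name__ == "__main__":
    print(build_search("vj11652"))                      # the user from step 1
    print(build_search("*)(objectClass=*")["filter"])   # metacharacters stay literal
```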


iWay Software