Enabling LDAP Authentication in TIBCO Web Service

-
You can enable basic authentication in a Service configuration resource by checking Use Basic Authentication under Endpoint Bindings tab. This will require username and password every time the web service is invoked.

If you want to authenticate against an LDAP server, you can enable the BW engine to use Java Authentication and Authorization Service (JAAS) LDAP Login Module. You can create an LDAP group and authorize all users belonging to that group to have access to your web service. To do this, you have to add the following engine properties to the TRA file:

java.property.com.tibco.bw.security.login.jaas = true
java.property.java.security.auth.login.config = <location>/jaas.conf

jaas.conf is a configuration file that defines the filtering rules and largely depends on the LDAP language. Sample content is as follows:

AuthenticationService {
com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://myldapserver.com:447/cn=GroupName,ou=groups,o=world"
userFilter="member=uid={USERNAME},ou=people,ou=com,o=world"
authIdentity="uid={USERNAME},ou=people,ou=com,o=world"
useSSL=false
debug=true;
};

If you want to include the required engine properties in the EAR file for deployment, you have to edit the bwengine.xml file and add those properties before building the EAR file in Designer. That way, you will be able to set the values of these runtime variables under Process Archive in TIBCO Administrator.
Location: Philippines

Comments

  1. ЦецоNovember 10, 2015 at 5:36 AM

    Hi,

    I've tried this aproach but without success. I need to mention that it was in desing mode using TIBCO Designer and over ordinalry HTTP Request activity and not a service. It seems that no call was sent to the ldap server at all.

    It tries to authenticate aginst the TIBCO Administrator and I was able to login using a user defined there.

    AuthenticationService {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://ldapservername.example.com:389"
    authIdentity="uid={USERNAME},ou=People,dc=example,dc=com"
    useSSL=false
    debug=true;
    };


    Do you know what I'm doing wrong?

    Thanks,
    Tsvetan

    ReplyDelete
  2. ralph p.November 10, 2015 at 6:51 AM

    Did you add the custom properties (mentioned in this post) in the TRA file?

    ReplyDelete

Post a Comment

Popular posts from this blog

XML Schema and JSON Schema Validation in Mule 4

-
Image
Exposing an API to be consumed by client applications entails a lot of challenges. Apart from a good API definition and documentation, you also need to ensure that the request payload submitted to your API endpoints are valid and conforms to the expected data structure. Although it is not required, I think some of the advantages to validate a request payload are: Establish a service contract which is a form of agreement between the service provider and the service consumer. This means that, in order to successfully consume an API, a client application needs to strictly follow a specification "for the request payload" called a data schema . Establish data integrity which ensures that all incoming data submitted to the API are "in a format that is expected". It doesn't make sense to process malformed data. For instance, if you are inserting data to a relational database, it would be more beneficial to first check mandatory (or required) fields before processing th
Read more

Parsing a JSON String and Converting it to XML in TIBCO

-
Image
If you have the REST & JSON Plug-in for TIBCO BusinessWorks, parsing and rendering a JSON string into XML is a straightforward task. We are often using XML in TIBCO, because XML is the most common format that is used to transform data using XSLT and XPath language. There are two ways we can parse and render JSON text: using an XML Schema, and using Java classes. Of course, XML Schema is already very handy, as we can always easily create one in TIBCO Designer. But, before we go to why we need to use Java classes, we need to examine first the nature of an XML Schema. An XSD describes the XML document in a strictly structured manner, which means that the sequence and nesting of the elements are important. However, for JSON, we cannot rely on the order of the elements, and we cannot force JSON to be that way. It’s just its character, and it maintains itself as an unordered collection of zero or more name/value pairs. That said, we cannot expect a JSON message to conform to the sp
Read more

Using XML To Java in TIBCO BW

-
Image
There are cases when it is preferable to use Java code instead of XSLT when doing a complex string manipulation. For example, you would like to produce a single string from the different segments of an XML. You can do this by using XML To Java activity in TIBCO. Suppose you have the following XML: <?xml version = "1.0" encoding = "UTF-8"?> <Employees xmlns = "http://xmlns.tibco.com/javaschema/javaschema.Employees"> <Employee> <Age>24</Age> <Level>2</Level> <Name>Mark Cruz</Name> <Role>Technology Consultant</Role> <Skill>Java</Skill> <Skill>TIBCO</Skill> <Skill>Ruby</Skill> </Employee> <Employee> <Age>25</Age> <Level>1</Level> <Name>John Cruz</Name> <Role>Technology Consultant</Role> <Skill>TIBCO BW</Skill> <Skill>PHP</Skill>
Read more