...

  1. Create Authentication Policy

  2. Name the authentication policy and select Authentication Method LDAP + Database with Roles

  3. Select Linked authentication Database created previously for Yarngate

  4. Configure LDAP authentication

    1. The LDAP server address should be in the format LDAPS://<FQDN>:<port> - Note that LDAP:// can be used, but passwords will not be encrypted in transit

    2. Verify TLS/SSL certificates can be enabled - Note that the LDAPS server certificate or trusted root CA certificate must be uploaded via the administration app

    3. LDAP username match regex can be used to match username formats - This is a generic username match regex that can be adjusted as needed: ^[A-Za-z0-9]+(?:[ _-][A-Za-z0-9]+)*$

    4. LDAP replace regex allows adding prefixes/suffixes to suit the authentication requirements, such as adding a domain suffix

  5. Save the authentication policy - Note that new tabs will now become visible

  6. Configure LDAP authorisation and roles

    1. The LDAP interface field is optional - this can be used if an out-of-band check using another LDAP user is required for the LDAP user group search. If this option is not selected, the LDAP groups are retrieved using the authenticated LDAP user

    2. Base DN - provide the base DN for LDAP searches

    3. Username Match Field - this is the LDAP username field used, typically sAMAccountName

    4. LDAP group to role mapping - this provides a mapping from LDAP groups to the Authentication Database roles defined previously. The LDAP groups can be entered as a global group name or an LDAP distinguished name
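The username match and replace steps from step 4, run over sample input as an added example (not code from the product or from this page's author). It shows which username shapes the generic pattern accepts before any LDAP bind is attempted. Assumptions: the replace step is modelled as a regex substitution appending a domain suffix, `@corp.example` is a constructed placeholder, and the product's own regex engine may treat anchors differently from Python.

```python
import re
from typing import Dict, List, Optional

# Pattern copied verbatim from step 4.3 above.
USERNAME_MATCH = r"^[A-Za-z0-9]+(?:[ _-][A-Za-z0-9]+)*$"

# Assumption: hypothetical replace rule that appends a UPN-style suffix.
# The real field syntax is not shown on the page.
REPLACE_PATTERN = r"^(.+)$"
REPLACE_WITH = r"\1@corp.example"  # constructed placeholder domain


def username_allowed(username: str) -> bool:
    # fullmatch is deliberate: in Python, "$" also matches just before a
    # trailing newline, so re.match would accept "jsmith" + newline.
    return re.fullmatch(USERNAME_MATCH, username) is not None


def bind_name(username: str) -> Optional[str]:
    """Match first, then rewrite. None means reject without contacting LDAP."""
    if not username_allowed(username):
        return None
    return re.sub(REPLACE_PATTERN, REPLACE_WITH, username, count=1)


# Constructed sample inputs, not taken from any real directory.
SAMPLES: List[str] = [
    "jsmith",               # plain account name
    "john smith",           # single space separator is allowed
    "svc_backup-01",        # underscore and hyphen separators are allowed
    "john.smith",           # dots are NOT in the generic pattern
    "jsmith@corp.example",  # already-qualified UPN is rejected
    "CORP\\jsmith",         # down-level DOMAIN\user form is rejected
    "j*smith(",             # LDAP filter metacharacters are rejected
    "jsmith\n",             # trailing newline is rejected by fullmatch
    " jsmith",              # leading separator is rejected
    "",                     # empty input is rejected
]


def classify(samples: List[str]) -> Dict[str, Optional[str]]:
    return {s: bind_name(s) for s in samples}


if __name__ == "__main__":
    for raw, result in classify(SAMPLES).items():
        print(f"{raw!r:24} -> {result!r}")
```

If the directory uses dotted account names or users type a full UPN, the match pattern has to be widened before the replace rule is applied, otherwise those logins fail at the policy and never reach LDAP.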

Configure Yarngate

...

Service and Access

Info

Depending on the configuration, you may wish to add a secondary access to the administration application on a dedicated port. It is recommended to add a local authentication administration app on a dedicated port if LDAP access will be used on the default HTTPS TCP/443 access - The process is described here: Adding Secondary Local Auth Administration Access

The following process assumes that LDAP authentication will be used for the default proxy and administration application

  1. Add the yarngate application service

  2. Configure the yarngate services

    1. Configure service name

    2. Select node/arm

    3. Host should use localhost, as yarngate will be behind the proxy service. For testing and commissioning, it may be of assistance to bind to 0.0.0.0 to facilitate testing

    4. HTTPS can remain default

    5. Select Authentication policy

  3. Open the Proxy Service

  4. Select proxy service - service routing

  5. Add the yarngate application

    1. Optionally set the yarngate application to be the default application for the proxy

  6. Test Access to Yarngate

    1. Option 1

    2. Option 2

  7. Update administration application access policy