Mapping LDAP/SSO roles to Spectrum Technology Platform roles - spectrum_platform - 23 - 23.1

Spectrum-Administratorhandbuch

Product type
Software
Portfolio
Integrate
Locate
Verify
Product family
Product
Spectrum > Spectrum Platform
Version
23.1
Language
Deutsch
Product name
Spectrum Technology Platform
Title
Spectrum-Administratorhandbuch
Topic type
Übersicht
Administration
Tipps
Wie kann ich …
Referenz
First publish date
2007
ft:lastEdition
2023-10-25
ft:lastPublication
2023-10-25T06:40:18.626245

Before mapping roles, ensure that you have enabled LDAP/SSO authentication.

Anmerkung: We have verified identity providers AD FS and Ping Identity for Spectrum Technology Platform.
When you configure Spectrum Technology Platform to use LDAP/SSO for authentication, by default, the role values must match the Spectrum Technology Platform role names, exactly in order, to grant the role. For example, to grant the designer role, the role you specify must be "designer."
Anmerkung: If you are using Spectrum Spatial, you must also update the Jackrabbit configuration file. For more information see Verwenden von LDAP oder Active Directory zur Authentifizierung.

You can map non-matching LDAP/SSO role values to an existing Spectrum Technology Platform role name. You can also map an LDAP/SSO role value with the same name as a Spectrum Technology Platform role to a different role. For example, one of the built-in roles is "designer." If you have an LDAP/SSO role value that is also named "designer," but you want it to map to another role, you could create a role map.

To map an LDAP/SSO role value to an existing Spectrum role:

  1. Open a Web browser and go to http://server:port/jmx-console, where:
    • server is the IP address or host name of your Spectrum Technology Platform server.
    • port is the HTTP port used by Spectrum Technology Platform. The default is 8080.
  2. Select this property:
    com.pb.spectrum.platform.common.security.role:mappings=RoleMappings
    This property is visible only when you enable LDAP or LDAP/SSO authentication, and the Spectrum Technology Platform server is fully started.
  3. In the addMapping section, configure these settings:
    1. In the value field, enter the LDAP/SSO role value to map to a Spectrum Technology Platform role.
    2. In the roleName field, enter the Spectrum Technology Platform role to map to the LDAP attribute value.
  4. Click Invoke.
Users who have been assigned an LDAP/SSO role will now be granted the role you specified for them the next time they log in to Spectrum Technology Platform.
To remove a mapping, enter the LDAP attribute you want to unmap in the value field in the removeMapping section in Spectrum JMX console.