Skip to main content

Access to the WiKID server's web UI is very important for security reasons. You may also need to meet certain regulatory requirements for logging access. Using AD is the easiest way to do this.

Access control to the WiKIDAdmin web UI is controlled by the Realm section of the file /opt/WiKID/tomcat/conf/server.xml.  The realm currently is set to use postgres:

        <Realm  className="org.apache.catalina.realm.JDBCRealm"
                driverName="org.postgresql.Driver"
                connectionURL="jdbc:postgresql://localhost:5432/wikid"
                connectionName="tomcat" connectionPassword="" digest="MD5"
                userTable="tomcat_users" userNameCol="username" userCredCol="password"
                userRoleTable="tomcat_roles" roleNameCol="role"/>

You can change this to use Active Directory by commenting the above out and adding a JNDI Realm:

      <!--  <Realm  className="org.apache.catalina.realm.JDBCRealm"
                driverName="org.postgresql.Driver"
                connectionURL="jdbc:postgresql://localhost:5432/wikid"
                connectionName="tomcat" connectionPassword="" digest="MD5"
                userTable="tomcat_users" userNameCol="username" userCredCol="password"
                userRoleTable="tomcat_roles" roleNameCol="role"/>    -->
        <Realm className="org.apache.catalina.realm.JNDIRealm" 
               adCompat="true"
               connectionName="AD_ADMIN_DN"
               connectionPassword="AD_ADMIN_DN_PASS"
               connectionURL="ldap://AD_IPADRESS:389"
               userBase="cn=Users,,BASE_DN"
               userSearch="(&amp;(objectClass=user)(sAMAccountName={0})(memberof=cn=WiKIDAdmin,cn=Users,dc=,BASE_DN))"
               userSubtree="true" 
               roleBase="cn=Users,,BASE_DN"
               roleName="cn"
               roleSearch="(member={0})"
               roleSubtree="false"
              />

Create a group called WiKIDAdmin in AD and place your Admin users in it.

Be sure to change AD_ADMIN_DN to an Admin AD login name, AD_ADMIN_DN_PASS to their password and BASE_DN to you DN (for example:  dc=wikidsystems,dc=com).  Change the IPADDRESS to the IP of a domain server.   Restart the WiKID server.

If you would like to be able to do both postgres and AD, use the Combined Realm option:

<Realm className="org.apache.catalina.realm.CombinedRealm" >
        <Realm  className="org.apache.catalina.realm.JDBCRealm"
                driverName="org.postgresql.Driver"
                connectionURL="jdbc:postgresql://localhost:5432/wikid"
                connectionName="tomcat" connectionPassword="" digest="MD5"
                userTable="tomcat_users" userNameCol="username" userCredCol="password"
                userRoleTable="tomcat_roles" roleNameCol="role"/>
       <!--
        Create a group in AD called WiKIDAdmin and assign all relevant users. Then change the 
        values of AD_ADMIN_DN, AD_ADMIN_PASS, and BASE_DN to match your AD configuration.
        -->
        <Realm className="org.apache.catalina.realm.JNDIRealm" 
           adCompat="true"
           connectionName="AD_ADMIN_DN"
           connectionPassword="AD_ADMIN_PASS"
           connectionURL="ldap://IPADDRESS:389"
           userBase="cn=Users,BASE_DN"
           userSearch="(&amp;(objectClass=user)(sAMAccountName={0})(memberof=cn=WiKIDAdmin,cn=Users,BASE_DN))"
           userSubtree="true" 
           roleBase="cn=Users,BASE_DN"
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="false"
          />
</Realm>

Restart the WiKID server to have the changes take effect!

 

 

LEARN MORE
SUPPPORT
DOWNLOADS
COMPANY
  
2FA Pricing
Installation How-tos
Server Downloads
Management
Community Version
Read the Manual
Token Downloads
Press Releases
Technology
Integration How-tos
API downloads
Partners
White Papers
Changelogs
Privacy Policy

 

Copyright © WiKID Systems, Inc. 2024 | Two-factor Authentication