Windows authentication setup

Plexus Connect currently supports LDAP and Active Directory (AD) with Kerberos protocol.

For Plexus Connect to determine the active Windows-sso authentication server, the configuration file config.properties there needs to be created.
This file needs to be saved on the server. We recommend to use the configuration folder.

• for UNIX ~/.chemaxon/plexus-suite/config.properties
• for Windows ~/chemaxon/plexus-suite/config.properties

This configuration is activating by the following startup option:

-Dcom.chemaxon.plexus.connect.configuration.propertiesFilePath=~/chemaxon/plexus-suite/config.properties"   

Basic content of config.properties is shown on following example:

authentication.type=windows-sso
security.basic.enabled=false
security.keytab.file= ~\\path_to_the_key_tab_file\\your.keytab
security.service.principal=HTTP/demo.kerberos.your_domain.com@your_domain.COM
security.adServer.url=ldap://WIN-NF3AITRLTDS.your_domain.com
#security.adServer.url=ldap://WIN-QB0M94BDT41.your_domain.com
security.ldap.searchBase=dc=your_domain,dc=com
security.ldap.searchFilter=(| (userPrincipalName={0}) (sAMAccountName={0}))
#security.ldap.searchFilter=(CN=[username])
security.ldap.connectUserGroupName=connectUsers
security.ldap.connectAdminGroupName=connectAdmins
server.port=8080  

When the file bellow exist on the Connect serrver, the authenticated user will be assigned with appropriate ROLES defined in the groupToRolesMapping.json based on their membership in the GROUPS in Active Directory.

Example of groupToRolesMapping.json where are stored mapped roles:

{
 "Fully_Qualified_Active_Directory_Group_Name_A": ["ROLE_ADMIN", "ROLE_EDIT_SCHEMA", "ROLE_CONNECT_ADMIN"],
 "Fully_Qualified_Active_Directory_Group_Name_B":["ROLE_USER"],
 "Fully_Qualified_Active_Directory_Group_Name_C":: ["ROLE_EXPORT_DATA"]
}

If the authentication server is properly configured and referenced keytab file exists, Connect will authenticate User according server rules.