Configuring system authentication

This topic provides information on:

Types of authentication methods

The following type of authentication methods are available:

  • FootPrints Internal: This is the default method in the system. You can use this if you want to maintain the user account passwords in FootPrints and don't have an external system to authenticate.
  • LDAP: Use this method if you want to use a third party LDAP source such as active directory to authenticate your users. When the users login they would enter their credentials from this third party application and if granted access, they are logged in as the user in FootPrints with their User ID. Multiple LDAP authentication types can be configured to connect to different sources.
  • Web server authentication: You can use this method if you want to enable single sign on using a third party authentication tool. This takes the authentication from FootPrints and passes it to the third party authentication that the web server is configured to use. It runs through IIS or Apache.

By default, the FootPrints Internal and Web Server methods are generated, but only the FootPrints Internal method is enabled. 

One authentication method is configured for each user account and the system tries to authenticate against that method only. If the user cannot be authenticated against a method, a "bad credentials" error is generated. For example, BMC users will be authenticated with Active Directory. Web server will be used for single sign-on. 

If you attempt to disable a method that has users assigned to it, a warning appears. If you have two methods enabled and disable one, a warning message appears advising you that only one method is currently enabled. If you disable all external methods, the system automatically enables the FootPrints internal method. At least one method must be enabled at all times.

Note

You can validate LDAP methods from the Authentication Methods page (once the fields are set up), but you cannot validate a Web server method from that page.

To configure authentication

  1. Click the Administration tab.
  2. In the System Management section, click System Settings > Authentication.
    The Authentication Methods page appears.

  3. Do any of the following:
    • To modify an existing method, select the method and click the pencil icon in the first column.
      You can also click Actions > Edit Configuration. The Configure Authentication dialog box appears for the selected method. Modify the settings as needed, following the instructions for each method provided below.
    • To change the default method, select the new method and click Set as Default.
    • To add another LDAP configuration, click Add LDAP Configuration.
      The Configure Authentication dialog box appears.
    • To delete an LDAP configuration, select it and click Delete LDAP Configuration.
      A confirmation message appears.

To configure the FootPrints Internal method

By default, this method is named FootPrints but you can change the name.

  1. Click the Administration tab.
  2. In the System Management section, click System Settings > Authentication.
    The Authentication Methods page appears.

  3. Select the FootPrints Internal Authentication method and click the pencil icon in the first column.
    The Configure Authentication dialog box appears. 
  4. Select Enable FootPrints Internal Authentication.
  5. In the Configuration Name field, enter the name for this configuration.
  6. Click Save.

To configure the Web server method

Note

To use web server authentication, you must configure Tomcat with IIS or Apache on the front end and then configure the third party authentication that you want to use. For more information, see the support article 1 and support article 2.

  1. Click the Administration tab.

  2. In the System Management section, click System Settings > Authentication.
    The Authentication Methods page appears.

  3. Select the Web Server Authentication method and click the pencil icon in the first column.
    The Configure Authentication dialog box appears. 
  4. Select Enable Web Server Authentication.
  5. In the Configuration Name field, enter the name for this service.
  6. Click Save.

To configure an LDAP method

  1. Click the Administration tab.
  2. In the System Management section, click System Settings > Authentication.
    The Authentication Methods page appears.

  3. Click Add LDAP Configuration.
    The Configure Authentication dialog box appears.
  4. Select Enable LDAP Authentication.
  5. (Optional) In the Configuration Name field, enter the name for this configuration.
  6. In the LDAP Authentication Attribute field, enter the attribute against which the user is authenticated, such as uid, samaccountname, or mail.
  7. In the LDAP Server Address field, enter the IP address or fully qualified domain name of the LDAP server.
  8. In the LDAP Server Port field, enter the port number.
    The standard port number is 389.
  9. In the LDAP Base DN field, enter the distinguished name(s) for this server.
    Use the most basic level and make sure to enter a name that you know has rights to access this server. For example, you might enter CN=Users,DC=<server name>,DC=local.
  10. (Optional) In the Authentication Login Information fields, enter the credentials for accessing this server.
    Make sure to enter the account name in the Distinguished Name field. Once you save this configuration, this field becomes read-only. To change existing credentials, select Change Credentials.
  11. In the LDAP Security Type field, select the appropriate option.
  12. Click Save.

Related topic

Administering

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Kevin Dort

    Deval,

    Please replace the "Support article 2" link to the Numara Software article to this article in BMC.

    How to integrate Apache and the FootPrints Service Core 12 Tomcat server
    https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=000011053

    +++

    Note

    To use web server authentication, you must configure Tomcat with IIS or Apache on the front end and then configure the third party authentication that you want to use. For more information, see the support article 1 and support article 2.

    Sep 05, 2017 08:59
    1. Deval Faldu

      Thank you Kevin. I have updated the link to the support article.

      Warm Regards,
      Deval

      Sep 05, 2017 10:18