...
Key | Description | Example | Comment |
---|---|---|---|
auth_htpasswd_file | Location of the password file | ||
auth_htpasswd_encrypt | Plain text passwords are checked ONLY if encmode is 0 or 'plaintext' | | |
ldap
The Opmantek products will use the configured LDAP server to perform authentication.
...
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldaps_server | MS-LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind with | |
auth_ms_ldap_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |
auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
novell-ldap
apache
...
openaudit
...
See OKTA OpenID authentication
...
apache
Apache will perform authentication and provide an authenticated user to Opmantek, which will have authorisation policies applied.
connectwise
The Opmantek products will use the ConnectWise API configured for authentication. For this, you need to set up the ConnectWise API and then set up the system to use the same authentication method using 'auth_method_1' => 'connectwise'.
Following are the configuration items for setting up the ConnectWise API in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_cw_server | IP address of the ConnectWise Server | 1.2.3.4 | No defaults. Entry must be created. |
auth_cw_company_id | The company name in ConnectWise | COMPANY | |
auth_cw_public_key | The ConnectWise Public Key | xxxxxxXXXXXxxxxx | |
auth_cw_private_key | The Private Key associated with the above Public Key | yyyyyYYYYYyyyyy |
crowd
openaudit
openid_connect
Opmantek products use OKTA's OpenID Connect for authentication. In the authentication > auth_method_1 entry of opCommon.json, use openid_connect. For more information, see OKTA OpenID authentication.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
type | Authentication type | okta | The authentication type shall be "okta". |
url | URL for your subdomain | https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token | Replace only YOUR_SUBDOMAIN with your subdomain name. |
password | Password | password | The password shall remain "password", since Opmantek's internal password field is mapped to the one returned by the OKTA service. |
username | User name | username | The user name shall remain "username", since Opmantek's internal username field is mapped to the one returned by the OKTA service. |
client_id | The user's client ID | | Enter the user's client ID. |
client_secret | The user's client secret | | Enter the user's client secret. |
grant_type | | password | The grant type shall be "password". |
scope | | openid | The scope shall be "openid". |
After making the required changes, restart the omkd service.
radius
The Opmantek products will use the configured RADIUS server (for example, Cisco ACS or Steel Belted Radius).
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
auth_radius_server | The Radius Server Name | host:port | No defaults. Entry must be created. |
auth_radius_secret | Also known as the Key | secret |
system
tacacs
The Opmantek products will use the configured TACACS+ server (for example, Cisco ACS).
Key | Description | Example | Comment |
---|---|---|---|
auth_tacacs_server | The TACACS Server Name | host:port | |
auth_tacacs_secret | The Key | secret |
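A pre-flight check for the connectwise, radius and tacacs settings documented above, as an added example that is not Opmantek code: it reports keys from the tables that are missing or still hold the documentation's sample value for each selected method, and flags plaintext htpasswd mode. It assumes the auth_* keys sit beside auth_method_1 in the "authentication" section of opCommon.json and that further methods are named auth_method_2 and so on; the function name and sample configuration are constructed.

```python
import json

# Keys this page's tables list for each method.
METHOD_KEYS = {
    "connectwise": ["auth_cw_server", "auth_cw_company_id",
                    "auth_cw_public_key", "auth_cw_private_key"],
    "radius": ["auth_radius_server", "auth_radius_secret"],
    "tacacs": ["auth_tacacs_server", "auth_tacacs_secret"],
}
# Example-column values from the tables; a live config should not keep them.
SAMPLE_VALUES = {"secret", "host:port", "1.2.3.4", "COMPANY",
                 "xxxxxxXXXXXxxxxx", "yyyyyYYYYYyyyyy"}


def audit_auth(config_text):
    """Return sorted findings for the authentication section of the config."""
    # Assumption: auth_* keys sit beside auth_method_1 under "authentication",
    # and further methods are named auth_method_2, auth_method_3, ...
    auth = json.loads(config_text).get("authentication", {})
    methods = [v for k, v in auth.items() if k.startswith("auth_method_") and v]
    findings = []
    for method in methods:
        for key in METHOD_KEYS.get(method, []):
            value = str(auth.get(key) or "").strip()
            if not value:
                findings.append(f"{method}: {key} is missing or empty")
            elif value in SAMPLE_VALUES:
                findings.append(f"{method}: {key} still holds the sample value")
    # The htpasswd table: plaintext passwords are checked for 0 or 'plaintext'.
    if str(auth.get("auth_htpasswd_encrypt")) in ("0", "plaintext"):
        findings.append("htpasswd: auth_htpasswd_encrypt allows plaintext passwords")
    return sorted(findings)


# Constructed sample input, not a real configuration.
SAMPLE = json.dumps({"authentication": {
    "auth_method_1": "radius",
    "auth_method_2": "tacacs",
    "auth_radius_server": "radius.example.net:1812",
    "auth_radius_secret": "secret",
    "auth_tacacs_server": "",
    "auth_htpasswd_encrypt": "plaintext",
}})

if __name__ == "__main__":
    for finding in audit_auth(SAMPLE):
        print(finding)
```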
token
The Opmantek products support a new authentication method called token, which offers delegated authentication. This enables an external party to pre-authenticate a user, who can access the Opmantek products without having to log in with username and password.
For more information on how to generate and log in with a token, see Delegated Authentication.
Multiple Authentication Methods
...