Spectrum™ Technology Platform can be configured to use an LDAP or Active Directory server for authentication. When a user logs in to Spectrum™ Technology Platform, the user's credentials are verified using LDAP or AD. The system then checks to see if there is a Spectrum™ Technology Platform user with the same name. If there is, the user is logged in. If there is not, then a Spectrum™ Technology Platform user account is automatically created for the user and given the role user. You can optionally specify an LDAP or AD attribute that contains the roles to grant to the user.
The following diagram illustrates this process:
Before configuring Spectrum™ Technology Platform to use a directory service for authentication, confirm that your directory service meets the following requirements.
The setting LDAP is used to enable Active Directory as well as LDAP.
For example, to apply the roles defined in the attribute spectrumroles you would specify:
If this attribute contains a role named designer then the designer role would be granted to the user.
You can only specify one attribute but the attribute may contain multiple roles. To specify multiple roles inside an attribute, separate each with a comma. You can also specify a multi-value attribute, with each instance of the attribute containing a different role. Only the roles specified in this one attribute are used in Spectrum™ Technology Platform. No other LDAP or Active Directory attributes will have any impact on Spectrum™ Technology Platform roles.
If the user has roles assigned to it in Spectrum™ Technology Platform, the user's permissions are the union of the roles from LDAP or Active Directory and the roles from Spectrum™ Technology Platform.
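The role rules above can be checked with a short audit helper. This is an added example, not part of the product documentation or Spectrum's own code. Whitespace trimming, the role names operator and admin, and the sample accounts are assumptions made for the illustration.

```python
"""Effective roles when directory roles and locally assigned roles are unioned."""

DEFAULT_ROLE = "user"  # role given to an auto-created account, per the text above


def directory_roles(attr_values):
    """Parse the single role attribute: comma-separated, multi-valued, or both."""
    roles = set()
    for value in attr_values or []:
        for part in value.split(","):
            part = part.strip()  # assumption: surrounding whitespace is ignored
            if part:
                roles.add(part)
    return roles


def effective_roles(attr_values, local_roles=None):
    """Union of directory roles and local roles.

    local_roles=None models a first login, where the account is created
    automatically with only the default role.
    """
    local = {DEFAULT_ROLE} if local_roles is None else set(local_roles)
    return directory_roles(attr_values) | local


def audit(accounts):
    """Return {user: roles held only locally}, ignoring the default role.

    Because permissions are a union, these roles remain in effect even if
    the directory attribute is emptied, so they need separate review.
    """
    findings = {}
    for name, (attr_values, local_roles) in accounts.items():
        local_only = set(local_roles) - directory_roles(attr_values) - {DEFAULT_ROLE}
        if local_only:
            findings[name] = sorted(local_only)
    return findings


# Constructed sample data: (values of the role attribute, locally assigned roles).
ACCOUNTS = {
    "alice": (["designer, operator"], ["user"]),       # one comma-separated value
    "bob": (["designer", "operator"], ["user", "admin"]),  # multi-value attribute
    "carol": ([], ["user"]),                           # no directory roles
}

if __name__ == "__main__":
    for user, (attrs, local) in ACCOUNTS.items():
        print(user, sorted(effective_roles(attrs, local)))
    print("local-only roles:", audit(ACCOUNTS))
```

Removing a role from the directory attribute does not revoke it if the same role is also assigned in Spectrum™ Technology Platform, so an access review has to cover both sources.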
If you are running Spectrum™ Technology Platform in a cluster, you must modify the spectrum-container.properties file and the spectrum-config-ldap.properties file on each of the servers in the cluster. Stop the server before modifying the files, then start the server after you are done modifying them.