Access Control - Preparing the Environment (v1.5)
Active Directory – LDAP SSO Configuration
HTTP.sys Configuration
HTTP.sys configuration is needed only for enabling Active Directory LDAP SSO.
To configure an HTTP.sys Web host implementation:
- Add/Edit to appsettings.json
"Host": {
"Type" : "Http.Sys"
}
2. Restart the application.
3. The AC Windows service should run as a machine administrator.
4. Enable SSL for Http.Sys:
a. Create a X509 certificate.
b. Import the certificate to the local computer \ personal store
c. In a command prompt, as an administrator run the following command:
> netsh http add sslcert ipport=0.0.0.0:<port> certhash=<thumbprint> appid=<GUID value>
LDAP SSO Configuration
If the server is configured with LDAP SSO (only relevant for Active Directory), you can login to Access Control using Windows SSO (no user name / password needed).
To configure LDAP SSO:
- Configure Access Control with HTTP.sys (see HTTP.sys Configuration) or host under IIS.
- Add a domain to Access Control using the REST API (this can also be done via the built-in Swagger):
Domain Name / Fully Qualified Domain Name (FQDN)
- The domain name can be determined by running "echo %userdomain%" in the command prompt
- The fully qualified domain name (FQDN) can be determined by running "echo %userDNSdomain%" in the command prompt
{
"name": "<your domain name for logging in>",
"fullyQualifiedName": "<FQDN name>"
}
3. Go to (or create) an Active Directory LDAP server by selecting the checkbox to 'Enable SSO' (under Access Control - Settings Tab > Directory Settings)
4. Logout, then login again using the Windows SSO button.