Configuring Authentication Server (DEX)

Edit online

About this task

The authentication process is conducted through DEX or through any other Authentication Server that supports the OAuth2 protocol. Authentication Server (DEX), which is delivered through the IBM® ADDI installer, is an identity service that uses OpenID Connect and it is used in the following configurations.

Procedure

  1. Access Start Menu > IBM Application Discovery and Delivery Intelligence > Launch IBM Application Discovery Configuration Service Admin, and go to Configure > Environments > "Your environment" > Servers and security > Authentication Server (DEX). The Authentication Server (DEX) settings page is displayed.
  2. In the Active directory section, configure the Authentication Server (DEX) to use an LDAP server to act as a user registry and pull user and user group information from it.
    LDAP registry location hostname
    Expects the hostname of the LDAP registry. Example: 
    example.com
    LDAP registry location port
    Expects the port of the LDAP registry. Default value: 389. If the SSL implementation is used, the default port of the LDAP registry is 636.
    Username (optional)
    Expects the account name that is used to access the LDAP registry.
    Note:
    • Leave empty if the LDAP allows anonymous access to retrieve user and user group information.
    • To add the account that has rights for LDAP bind action run adsiedit.msc on the Active Directory machine and load the current domain. Right click on CN=Users and CN=Administrator, select Properties and search for distinguishedName attribute. For more information, see ADSI Edit (adsiedit.msc).
    Password (optional)
    Expects the account's password that is used to access the LDAP registry.
    Note: Leave empty if the LDAP allows anonymous access to retrieve user and user group information.
  3. In the User search section, specify the following properties to configure the Authentication Server (DEX) to map to users in the LDAP server.
    Base user DN
    Expects the base distinguished name of the users in the LDAP registry. Example :
    CN=UserContainer,DC=Domain,DC=com
    Filter
    You can leave the default value. Example: 
    (objectClass=person)
    Username
    You can leave the default value. Example: 
    userPrincipalName
    Email attribute
    You can leave the default value. Example: 
    userPrincipalName
  4. In the User group search section, specify the following properties to configure the Authentication Server (DEX) to map to user groups in the LDAP server.
    Base Group DN
    Expects the base distinguished name of the groups in the LDAP registry. Example: 
    CN=GroupContainer,DC=Domain,DC=com
    Filter
    You can leave the default value. Example: 
    (objectClass=group)
    Group member attribute
    Expects an attribute to represent the members of a group in the LDAP registry. Example: member.
  5. Click Save.