If you're having trouble at any stage please contact us at email@example.com.
Compatible with SkyFormation App Version
This guide is compatible with SkyFormation App version 2.1.21 (see Get Your SkyFormation App Version). If you are using an older version of SkyFormation we highly recommend to update to the latest one.
SkyFormation platform is using an authentication mechanism based on local file with the relevant user:role:credentials information.
It is highly recommended to replace the default authentication mechanism with AD/LDAP based one.
This would allow an easy way to add/remove users allowed access to SkyFormation, and improve the user's information and credentials security.
This post explains how to use AD server as the SkyFormation authentication service provider.
SkyFormation application will ask the user for her user:password and validate these with the configured AD server.
SkyFormation application will not save the user's credentials sent to the AD.
- Make sure the SkyFormation machine could communicate with the AD server
- Have the AD server name and port number to use
- Make sure each user you would like to allow access to SkyFormation app is a member of the AD
group that would be used to allow access to the SkyFormation app.
- SSH to your SkyFormation machine
- Enter the SkyFormation tomcat container by running the command
sudo docker container exec -it sk4_sk4_tomcat_1 bash
- Make a backup copy to the following file %sk4 tomcat%/sk4conf/shiro/client-shiro.ini by
running the command
cp sk4conf/shiro/client-shiro.ini sk4conf/shiro/client-shiro.ini.orig
- Edit the file %sk4 tomcat%/sk4conf/shiro/client-shiro.ini (using vi command or else)
Add the following AD configuration lines
ldapRealm.systemUsername = %search user's user_name for the AD search%
ldapRealm.systemPassword = %search user's password for the AD search%
sk4admin = password, sk4-admin
- Exit the SkyFormation tomcat container you are at
- To support AD connection over SSL please follow these steps as well:
- Restart the SkyFormation application
sudo service sk4compose restart