Do you already have a corporate authentication service based on LDAP? Kiuwan Code Analysis now lets you authenticate your account users against your own LDAP service. Most of our customers use Microsoft Active Directory as the repository for user credentials. However, the procedure I'm about to describe also works for integrating Kiuwan with any other user repository, even one that is not based on LDAP.
If your company has a corporate authentication service in place, your users and passwords are most probably stored in Active Directory, OpenLDAP or IBM Tivoli. If that is your case, you don't want a separate password for your Kiuwan account. By integrating Kiuwan with your LDAP service, you delegate the authentication of your company users to it.
How does it work?
Your company users won't connect to https://www.kiuwan.com to sign in. Instead they connect to an internal URL on your corporate network that you choose, for example http://kiuwan.yourdomain.com or http://yourdomain.com/kiuwan.
At this address you run an authentication service application that relies on your local LDAP service. If the user has permission to access Kiuwan, the application generates a JWT authentication token that includes the username and is encrypted using a secret key that you can generate in your Kiuwan account settings page.
This token is sent to Kiuwan, which validates it and creates the session for the user, who is then automatically redirected to https://www.kiuwan.com to access the application.
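The token step described above, sketched as an added example (not code from Kiuwan or its sample application). It assumes an HMAC-SHA256 signed JWT and the claim names sub, iss and exp, none of which the page specifies; the KIUWAN_SECRET_KEY variable name is hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

// Added illustration. HS256 and the claim names (sub, iss, exp) are assumptions,
// not Kiuwan's documented token format.
public class LocalAuthTokenDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // Local service: issue a short-lived token for the user the directory just authenticated.
    // The username is restricted to characters that cannot break out of the JSON string.
    static String issue(String user, String clientId, byte[] key, long ttlSeconds) throws Exception {
        if (!user.matches("[A-Za-z0-9._@-]+")) throw new IllegalArgumentException("bad username");
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String body = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"sub\":\"" + user + "\",\"iss\":\"" + clientId + "\",\"exp\":" + exp + "}");
        return body + "." + ENC.encodeToString(hmac(key, body));
    }

    // Receiver: always recompute HS256 (never trust the header's alg), compare in constant time, check expiry.
    static boolean verify(String token, byte[] key) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return false;
            Matcher m = EXP.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            return m.find() && Long.parseLong(m.group(1)) > Instant.now().getEpochSecond();
        } catch (IllegalArgumentException e) { return false; } // malformed Base64 or number
    }

    public static void main(String[] args) throws Exception {
        // KIUWAN_SECRET_KEY is a hypothetical variable name; the fallback is a constructed demo value.
        byte[] key = System.getenv().getOrDefault("KIUWAN_SECRET_KEY", "constructed-demo-secret").getBytes(StandardCharsets.UTF_8);
        System.out.println("valid:     " + verify(issue("kuser", "auth_1", key, 60), key));
        System.out.println("wrong key: " + verify(issue("kuser", "auth_1", key, 60), "other".getBytes(StandardCharsets.UTF_8)));
        System.out.println("expired:   " + verify(issue("kuser", "auth_1", key, -1), key));
    }
}
```

Reading the key from the environment keeps it out of the deployed JSP source, and the short expiry limits how long a captured token can be replayed.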
You only need to install a Java application server on your premises, reachable at an IP address, a domain name or an internal subdomain that you configure. Tomcat should be enough.
There are no specific hardware requirements, since this service will not carry a heavy load. It just handles authentication and redirects users to Kiuwan.
This application server must have connectivity to your LDAP service, but it does not need Internet access. Your users must be able to reach https://www.kiuwan.com over the Internet from their browsers.
A sample application
You can find a simple authentication application (kiuwan/kiuwan-local-authentication) as a way to get started. This application uses Tomcat (tomcat-users.xml) as its authentication mechanism.
The steps are simple:
Install Tomcat 8.5.11 on a server (or install another application server, or use one you already have in your company).
Compile and deploy the sample authentication service application we provide for authenticating users in your application server.
Configure the authentication service application in its index.jsp page. (Remember, this is a sample application. Do not use it as production code.)
String ownerUsername = "firstname.lastname@example.org";
String clientId = "auth_1";
String secretKey = "2chpi17khvun90irrrse2e2276v64sj1pku8i9guh7ls544g3pjjiiv87763cfhqg62n6lvf7g51iuvpteisr4lntnnh6q3dsik3j5j";
String kiuwanURL = "https://www.kiuwan.com/saas/web/dashboard/dashboard";
String loginURL = "http://localhost:8080/kiuwan-auth/login.jsp";
The required clientId and secretKey values are generated in Kiuwan. Log in to Kiuwan and go to Account Management – Secret keys.
You also need to configure the security settings of the application server where you deployed our authentication service application, so that it connects to your LDAP or other authentication server.
In this example, we use Tomcat (tomcat-users.xml):
<role rolename="kiuwan_user"/> <!-- the role name as is named in web.xml file of our authentication service -->
<user username="kuser" password="kuser" roles="kiuwan_user"/> <!-- kiuwan users -->
The user (kuser) is a valid user in Kiuwan. To add users to your Kiuwan account, log in to Kiuwan and go to Users Management – Add.
Configure the web.xml file to use this authentication mechanism:
<?xml version="1.0" encoding="UTF-8"?>
<display-name>Kiuwan Authentication Service</display-name>
<!-- Define a Security Constraint on this Application -->
<web-resource-name>Kiuwan Authentication Service</web-resource-name>