This page describes how to configure Kiuwan to work with a network that uses an internet proxy, or a local authentication system.
How to configure Kiuwan for networks with proxy or local authentication
- Start up the Kiuwan Local Analyzer
- Click Advanced to access the Network configuration window
Internet proxy configuration
If your network has a pass-through proxy required for internet access, you should configure the proxy settings in the first tab of the Network configuration window.
Here you can set:
- The protocol used by the proxy (http or socks).
- The host of the proxy server (e.g. proxy.myorganization.com).
  - Leave this option empty if your connection to the Internet needs no proxy pass-through.
- The port the proxy server listens to.
- The authentication type for the proxy.
  - Only basic authentication is supported.
  - Leave this option to "None" if no authorization is required.
- The username for the proxy authentication.
- The password for the proxy authentication.
From Java 8 Update 111 (8u111) onwards, the Basic authentication scheme has been deactivated, by default, in the Oracle Java Runtime. If you are using Java 8 Update 111 (or later), proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. Please visit "Basic Authentication Error : Proxy returns HTTP1.1 407 Proxy Authentication Required" for help on how to set this up.
Alternatively, instead of using the Kiuwan Local Analyzer GUI, you can manually configure the proxy settings in the $(AGENT_HOME)/conf/agent.properties file.
Local Authentication configuration
You can integrate the Kiuwan Local Analyzer with a Local Authentication system.
This is a common scenario in organizations that validate their employees' credentials against their own authentication system and do not want them to use other credentials when accessing external services.
If your company uses a corporate authentication service, your username and password will most probably be stored in an Active Directory, an OpenLDAP or an IBM Tivoli.
If that is your case, you do not need to have different credentials for your Kiuwan account.
By integrating Kiuwan with your Auth service, you will make the Kiuwan authentication delegate to your own system.
Configure with KLA GUI
If this is the case, you will need to configure the URL of your organization's local authentication system. You can also set the local authentication to use the currently configured proxy (as long as it uses http protocol). Ask your systems administrator what value to enter in the "Local authentication URL" field.
When a local authentication URL is configured, the username and password you set in the login window will be sent to the local authentication system instead of Kiuwan.
Configure with CLI
Alternatively, instead of using the Kiuwan Local Analyzer GUI, you can manually configure the Local Authentication settings in the AGENT_HOME/conf/agent.properties file.
Configure Kiuwan to use your Local Authentication system
Your company users should not connect to https://www.kiuwan.com to sign in, but to an internal URL of your corporate network that you choose, like: http://kiuwan.yourdomain.com or http://yourdomain.com/kiuwan (for example).
At that address you will have an authentication service application that relies on your local auth service. If you have permission to access Kiuwan, the application generates a JWT authentication token that includes the username and is encrypted using a secret key, which you can generate in your Kiuwan account settings page.
This token is sent to Kiuwan, which makes the validation and creates the session for the user, who is automatically redirected to https://www.kiuwan.com, to access the application.
A sample application
You can find a sample authentication application (kiuwan/kiuwan-local-authentication) as a way to get started.
This sample application uses Tomcat (tomcat-users.xml) as its authentication mechanism. The steps are simple:
- Install Tomcat 8.5.11 (or another application server, or use one you already have in your company) on a server.
- Compile and deploy the sample authentication service application we provide for authenticating users in your application server.
- Configure the authentication service application in the index.jsp page. (Remember, this is a sample application. Do not use it as production code.)
The required clientId and secretKey fields are generated from Kiuwan. You need to log in to Kiuwan and go to Account Management > Secret keys.
You also need to configure the security settings in the application server where you deployed our authentication service application, to connect to your LDAP or any other authentication server.
In this example, we use Tomcat (tomcat-users.xml).
Configure the web.xml file to use this authentication mechanism.
Now you just have to tell your Kiuwan users to use the URL you have defined to access our authentication service application.
Remember that this same configuration is also valid if you have Single-Sign-On mechanisms such as LDAP, SPNEGO or IBM WebSeal.