Security Configuration Reference

The DB Realm password policy is disabled by default. To enable it, edit $MOOGSOFT_HOME/config/security.conf and add or uncomment the block under DB realm as shown:

"DB realm" : {
		"realmType": "DB"
		, "passwordPolicy" : {
			"regex" : "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])(?=\\S+$).{12,}$",			
			"validationMessage" : "Must be at least 12 characters and contain at least one uppercase letter, special character, and number. No whitespace allowed."
		}
	},

You must restart apache-tomcat after enabling or disabling the policy.

The protocol (LDAP or LDAPS) and the host and port of your LDAP server. For example ldap://172.16.124.169:389.

The connection timeout in milliseconds.

The read timeout in milliseconds.

If enabled, the user account information must exist in the local database as well as the LDAP server and predefined user details are used to populate created or updated user accounts.

If disabled, Moogsoft Onprem creates or updates user accounts with the LDAP information.

The method used to look up the DN (Distinguished Name), a unique path to any object in the active directory.

The two methods are:

Optionally for both direct and lookup methods, you can use the userDnLookupUser, userDnLookupPassword and encryptedUserDnLookupPassword properties to define the user to look up each DN in your directory. See Moog Encryptor for more information if you want to use password encryption.

An optional LDAP attribute filter to search for user attributes.

An attribute map between the LDAP user attributes and the user attributes in the Moogsoft Onprem database.

This property uses the following format:

"attributeMap": 
{
    "db_column_5": "ldap_attribute_1",
    "db_column_2": "ldap_attribute_8",
    "db_column_3": "ldap_attribute_8"
}

Username of the system user to bind and search for user group information. LDAP uses this user if you leave the userDnLookupUser property empty. The system sends two bind requests and two search requests with LDAP. If you do not configure a system user, the user bind chosen for authentication is also used for the LDAP group search.

Password of the system user to bind and search for user group information.

Encrypted password of the system user to bind and search for user group information. See Moog Encryptor for more information. When using encryptedSystemPassword, comment out or remove the systemPassword property.

DN for the part of the LDAP structure that contains the user groups. This is used in conjunction with the memberAttribute to find any LDAP groups the user belongs to. These groups are then mapped to a local role using the roleMap property.

Attribute used to look for group members.

Attribute used to look for group name.

Defines the role mappings between the user directory and Moogsoft Onprem.

Sychronizes team assignment between the user directory and the teams in Moogsoft Onprem.

Defines the LDAP attribute or custom attribute that maps to team names in Moogsoft Onprem. You can provide the mapping as a JSON object. For example:

Example:

{
    "LDAP Team" : "My Team", 
    "Another LDAP Team" : "My second team" 
}

Enable to use the LDAP group name as the team name in Moogsoft Onprem.

Creates a team or teams if they do not exist in Moogsoft Onprem. If you leave teamMap empty, the teams adopt their LDAP teams names.

The SSL protocol you want to use.

Location of the SSL server certificate.

Location of the SSL client certificate.

Location of the client key file.

Location of the identity provider's metadata file. The metadata file provides information on how to connect to the IdP. Moogsoft Onprem requires the file to be in .xml format.

Location of the identity provider's metadata URL. The metadata file provides information on how to connect to the IdP. Moogsoft Onprem requires the file to be in .xml format.

Location of the identity provider's metadata. The metadata file provides information on how to connect to the IdP. Moogsoft Onprem requires the file to be in .xml format.

Location of the service provider's metadata file. Moogsoft Onprem writes the SP metadata information to this file. This location must be accessible and editable by the Apache Tomcat user. Moogsoft Onprem requires the file to be in .xml format. If your IdP does not have an SP metadata file generator, you can create one manually. See Build a Service Provider Metadata File for instructions.

Default roles that Moogsoft Onprem assigns to new users upon first login using SAML. If the user already has a role mapping, Moogsoft Onprem uses that instead.

Default teams that Moogsoft Onprem assigns to new users upon first login using SAML. You can create an empty list if you do not want to assign new users to a team.

Default primary group that Moogsoft Onprem assigns to new users upon first login using SAML.

The field that Moogsoft Onprem uses to map existing users to your IdP users.

The IdP attribute that maps to username in Moogsoft Onprem.

The IdP attribute that maps to email in Moogsoft Onprem.

The IdP attributes that map to full name in Moogsoft Onprem.

The IdP attribute that maps to teams in Moogsoft Onprem.

The IdP attribute or custom attribute that maps to team names in Moogsoft Onprem.

Creates a team or teams if they do not exist in Moogsoft Onprem. If you leave teamMap empty, the teams adopt their IdP teams names.

The IdP attribute containing role information.

The IdP attribute that maps to Moogsoft Onprem roles.

Your unencrypted keystore password. Any whitespace in the name is replaced with an underscore.

Your encrypted keystore password. Any whitespace in the name is replaced with an underscore.

Enabling forceAuth prevents users from having to enter their credentials more than once.

Your private key password. Any whitespace in the name is replaced with an underscore.

Maximum time in seconds for Moogsoft Onprem to receive an IdP's SAML assertion before it becomes invalid.

Service Provider Entity ID assertion number. Some IdPs require this ID.

The IdP attribute that maps to contact number in Moogsoft Onprem.

The IdP attribute that maps to department in Moogsoft Onprem.

The IdP attribute that maps to primary group inMoogsoft Onprem.

The IdP attribute that maps to timezone in Moogsoft Onprem.