To open this page, click the Users tab in the Server configuration dialog box.
This tab lets you define the authentication mode (profile and password control) and declare which users are to be authorized to connect to the server machine.
This tab contains the two following pages:
- Profiles, showing the list of the defined user profiles,
- Authentication mode, displaying the parameters relating to the authentication mode.
"Profiles" page
Lists
Users
List of the users registered for the server.
For each user, the list shows:
- the name,
- the description,
- the context, i.e. the access path on the server that leads to the object files produced when compiling the "server" parts of Visual/Web programs.
The management functions (create, modify, delete) can be accessed using the context-sensitive menu associated with the list.
"Authentication mode" Page
Information entered
Authentication mode
List of the authentication modes implemented by the Adelia middleware.
Adelia
Authentication is carried out exclusively by the Adelia Middleware.
Simple LDAP authentication
After having verified that the user is declared, authentication is delegated to an LDAP server, in simple mode.
In this mode, the profile and password circulate in plaintext on the network between the Middleware server and the LDAP server.
Simple LDAP authentication (SSL)
After having verified that the user is declared, authentication is delegated to an LDAP server, in SSL mode.
- In this mode, the profile and the password circulate in encrypted form on the network between the Middleware server and the LDAP server.
- You must install the SSL certificate that corresponds to the LDAP server in the Windows certificate store of the Middleware server.
To do this:
In Windows: Double-click on the certificate and then follow the instructions given by the wizard.
In Java: The "truststore" store is specified by the "javax.net.ssl.trustStore" system property. If the property is not specified, the application looks for the default stores <java-home>/lib/security/jssecacerts, then <java-home>/lib/security/cacerts.
Certificate import command: keytool -import -alias <MyCert> -file <MyCertFile.crt> -keystore <MyTruststore>
JVM parameter: java -Djavax.net.ssl.trustStore=<MyTruststore>
Negotiated LDAP (Windows)
After having verified that the user is declared, authentication is delegated to an LDAP server, in negotiated Windows mode (the security context is negotiated between Kerberos and NTLM). This mode can only be used between a Windows Middleware server and an LDAP Active Directory server.
In this mode, authentication is carried out securely between the Middleware server and the LDAP server.
Important: If the Guest account is activated at the user level of the Active Directory, a user that is not registered in the Active Directory, but is registered on the list of Middleware users, will have their authentication accepted without password verification.
Single Sign-On (SSO)
After checking that the user is declared (if the Default LDAP user box is not checked), authentication is performed in Kerberos mode by directly using the client Windows session credentials.
The password is not used in this mode. The client must explicitly request a negotiated connection by indicating the "*SSO" profile.
Only SSO logins are authorized in this mode. If a profile/password is submitted to the daemon, the login will be denied (invalid profile/password).
LDAP user search
After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in user search mode.
In this mode, a first connection is made to the LDAP server with a generic profile passed as a parameter, in order to perform a search of the LDAP user corresponding to the Adelia profile, according to the specified search criteria.
If the LDAP user is found, a second authentication is carried out with the user's password.
In this mode, profiles and password circulate unencrypted on the network between the Middleware server and the LDAP server.
LDAP user search (SSL)
After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in user search mode.
In this mode, a first connection is made to the LDAP server with a generic profile passed as a parameter, in order to perform a search of the LDAP user corresponding to the Adelia profile, according to the specified search criteria.
If the LDAP user is found, a second authentication is carried out with the user's password.
- In this mode, the profile and the password circulate in encrypted form on the network between the Middleware server and the LDAP server.
- You must install the SSL certificate that corresponds to the LDAP server in the Windows certificate store of the Middleware server.
LDAP Server
Host name of the LDAP server to be used.
Port
Port number of the LDAP server to be used (generally 389 in simple or negotiated Windows mode, and 636 in SSL mode).
Backup server
Host name of the LDAP backup server to be used in the event of failure of the main server.
Optional parameter.
Port
Port number of the LDAP backup server to be used.
Optional parameter.
Default domain
Name of the users' default Windows domain.
If it is specified and no domain has been indicated for the user (no "\" in the user name), it will be used to qualify the user.
This parameter is not available in "User search" mode. In this case, the DN filter must be entered.
This notion of domain is used when the users correspond to the Windows accounts managed by Active Directory.
DN pattern
Pattern used to search for the LDAP user. The user's name is substituted in the pattern either at the substitution character % (for backward compatibility, only the first occurrence is substituted) or at the occurrences of the {0} string.
The DN pattern is taken into account only if the Default domain field is not completed. In "User search" mode, the field contains the search filter.
For example:
"cn=% ou=myGroup" (% will be replaced by the user).
"(|(sAMAccountName={0})(mail={0}))"
LDAP profile
Generic connection profile for user search execution. You can avoid entering this parameter if the server allows anonymous connections.
This field is only active if the authentication mode is "User search".
Password
Password for the generic connection profile for user search execution. You can avoid entering this parameter if the server allows anonymous connections.
This field is only active if the authentication mode is "User search".
User base
Base directory for the user search.
This field is active only if the authentication mode is "User search".
User attribute
Attribute name containing the user ID in the search results.
This field is active only if the authentication mode is "User search".
Search scope
Search scope
Possible values:
- BASE: Limits the search to the base object.
- ONE: Limits the search to the base object and its immediate children.
- SUB: Includes the base object and all its children in the search. This is the default value.
Context
Directory path where the server part for Visual Adelia programs is located, for unregistered users when the Default LDAP user box is checked.
This field is active only when the Default LDAP user box is checked.
Check boxes
Authorizing Single Sign-On (SSO)
This option is enabled if the authentication mode is Adelia or LDAP.
- Checked: The middleware will accept standard connections with user and password and negotiated connections in SSO mode (*SSO user).
- Not checked: Only profile/password authentication is authorized.
LDAP or SSO default user
This option is not enabled in Adelia authentication unless the Allow Single Sign-On (SSO) box is checked.
- Box checked: Middleware profiles not registered in the users list but authenticated on the LDAP server are allowed to connect to the middleware server.
- Box unchecked: Only the middleware profiles registered in the users list and authenticated on the LDAP server are allowed to connect to the middleware server.
Buttons
Configure
Validates any changes and closes the dialog box.
Cancel
Closes the dialog box without validating any changes.
Keyboard shortcut: Esc.
Apply
Validates any changes without closing the dialog box.
Copyrights ©Hardis Group 2025 - Any partial or total reproduction of the content, not expressly authorized by Hardis Group, is strictly prohibited.