Description

The DDF Security STS LDAP Claims Handler bundle adds functionality to the STS server that allows it to retrieve claims from an LDAP server. Additionally, it also adds mappings for the LDAP attributes to the STS SAML claims.

Configuration

Installation

This bundle is not installed by default and can be added by installing the security-sts-server feature.

Settings

Settings can be found in the webconsole under Configuration -> Security STS LDAP and Roles Claims Handler.

Configuration Name	Default Value	Additional Information
LDAP URL	ldap://localhost:1389
LDAP Bind User DN	cn=admin
LDAP Bind User Password	secret	This password value is encrypted by default using the Security Encryption application
LDAP Username Attribute	uid
LDAP Base User DN	ou=users,dc=example,dc=com
LDAP Base Group DN	ou=groups,dc=example,dc=com
User Attribute Map File	etc/ws-security/attributeMap.properties	Properties file that contains mappings from Claim=LDAP attribute.

Implementation Details

Imported Services

Registered Interface	Availability	Multiple
ddf.security.encryption.EncryptionService	optional	false

Exported Services

Registered Interface	Implementation Class	Properties Set
org.apache.cxf.sts.claims.ClaimsHandler	ddf.security.sts.claimsHandler.LdapClaimsHandler	Properties from the settings
org.apache.cxf.sts.claims.ClaimsHandler	ddf.security.sts.claimsHandler.RoleClaimsHandler	Properties from the settings

Browser not supported