Question

We're using Worklight in a WAS environment and we need to protect the WL console from just anybody logging in and manipulating applications. We have a working configuration using WASLTPAModule going against Active Directory. The WAS cluster is using global security with a federated AD configuration. This configuration works to provide authentication into the console.

The problem is that anybody that has a valid account in AD can log in to the console.

I have not seen any documentation or information on how to constrain the authorization to use the console to specific AD groups. How is this done?


Solution

In Worklight 6.1, the WebSphereLoginModule has an optional "role" parameter to specify the JEE role that the user must belong to in order to successfully authenticate:

http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.dev.doc/devref/r_wasltpamodule_login_module.html

Then in WebSphere, you would use the usual role mapping capability to map your AD groups to that role.
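A check for the situation described in the question, as an added example that is not part of the original answer or of Worklight itself: it parses a login configuration and reports every WebSphereLoginModule entry that has no "role" parameter, meaning any authenticated directory user is accepted. The embedded XML is a constructed, simplified sample; the module name WASLTPAModuleRestricted, the role name WLConsoleAdmins and the package prefix of the class name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a Worklight authenticationConfig.xml
# (namespaces omitted; "WLConsoleAdmins" is a hypothetical role name).
SAMPLE_CONFIG = """
<loginConfiguration>
  <loginModules>
    <loginModule name="WASLTPAModule">
      <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
    </loginModule>
    <loginModule name="WASLTPAModuleRestricted">
      <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
      <parameter name="role" value="WLConsoleAdmins"/>
    </loginModule>
  </loginModules>
</loginConfiguration>
"""

def local(tag):
    """Strip an XML namespace prefix such as '{uri}loginModule'."""
    return tag.rsplit("}", 1)[-1]

def audit_login_modules(xml_text):
    """Return {module name: role or None} for every WebSphereLoginModule."""
    result = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "loginModule":
            continue
        class_name, role = "", None
        for child in elem:
            if local(child.tag) == "className":
                class_name = (child.text or "").strip()
            elif local(child.tag) == "parameter" and child.get("name") == "role":
                # A blank value is treated here as "no role configured".
                role = (child.get("value") or "").strip() or None
        if class_name.endswith("WebSphereLoginModule"):
            result[elem.get("name")] = role
    return result

def unrestricted_modules(xml_text):
    """Names of modules that accept any authenticated user (no role set)."""
    return sorted(n for n, r in audit_login_modules(xml_text).items() if r is None)

if __name__ == "__main__":
    for name, role in audit_login_modules(SAMPLE_CONFIG).items():
        print(f"{name}: {'role=' + role if role else 'NO ROLE: any authenticated user passes'}")
```

A role reported here only restricts access once that role is mapped to the intended AD groups in WebSphere, which this check does not inspect.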

Licensed under: CC-BY-SA with attribution