Mapping LDAP/SSO roles to Spectrum Technology Platform roles

Before mapping roles, ensure that you have enabled LDAP/SSO authentication.

Note: We have verified the identity providers AD FS and Ping Identity for Spectrum™ Technology Platform.
When you configure Spectrum™ Technology Platform to use LDAP/SSO for authentication, by default a role value must exactly match a Spectrum™ Technology Platform role name in order to grant that role. For example, to grant the designer role, the role you specify must be "designer."
Note: If you are using the Spatial Module, you must also update the Jackrabbit configuration file. For more information, see Authentication using LDAP or Active Directory.

You can map non-matching LDAP/SSO role values to an existing Spectrum™ Technology Platform role name. You can also map an LDAP/SSO role value with the same name as a Spectrum™ Technology Platform role to a different role. For example, one of the built-in roles is "designer." If you have an LDAP/SSO role value that is also named "designer," but you want it to map to another role, you could create a role map.

To map an LDAP/SSO role value to an existing Spectrum role:

  1. Open a Web browser and go to http://server:port/jmx-console, where:
    • server is the IP address or host name of your Spectrum™ Technology Platform server.
    • port is the HTTP port used by Spectrum™ Technology Platform. The default is 8080.
  2. Select this property: com.pb.spectrum.platform.common.security.role:mappings=RoleMappings
    This property is visible only when you enable LDAP or LDAP/SSO authentication, and the Spectrum™ Technology Platform server is fully started.
  3. In the addMapping section, configure these settings:
    1. In the value field, enter the LDAP/SSO role value to map to a Spectrum™ Technology Platform role.
    2. In the roleName field, enter the Spectrum™ Technology Platform role to map to the LDAP attribute value.
  4. Click Invoke.
Users who have been assigned an LDAP/SSO role will now be granted the role you specified for them the next time they log in to Spectrum™ Technology Platform.
To remove a mapping, enter the LDAP attribute you want to unmap in the value field in the removeMapping section in the JMX console.
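
The following is an added example, not Spectrum™ Technology Platform code: a small Python model of the resolution rules described above (explicit mapping first, otherwise exact name match) with a check for mappings worth reviewing. The role name "reviewer", the sample mappings, case-sensitive comparison, and the handling of a mapping to a non-existent role are assumptions made for illustration.

```python
# Illustrative model only; names other than "designer" are constructed.
SPECTRUM_ROLES = {"designer", "reviewer"}

# Constructed sample of value -> roleName pairs as entered in addMapping.
SAMPLE_MAPPINGS = {
    "GIS-Analysts": "designer",  # non-matching LDAP value mapped to a role
    "designer": "reviewer",      # same name as a built-in role, remapped
    "Ops": "operator",           # target role is not defined (assumed typo)
}


def resolve_role(ldap_value, mappings, spectrum_roles=SPECTRUM_ROLES):
    """Return the role granted for one LDAP/SSO role value, or None."""
    if ldap_value in mappings:
        # An explicit mapping takes precedence over the default behaviour.
        target = mappings[ldap_value]
        # Assumption: a mapping to a role that does not exist grants nothing.
        return target if target in spectrum_roles else None
    # Default: the value must match a role name exactly (assumed case-sensitive).
    return ldap_value if ldap_value in spectrum_roles else None


def audit_mappings(mappings, spectrum_roles=SPECTRUM_ROLES):
    """List (value, reason) pairs for mappings that deserve a second look."""
    findings = []
    for value, role in sorted(mappings.items()):
        if role not in spectrum_roles:
            findings.append((value, "target role does not exist"))
        elif value in spectrum_roles and value != role:
            # A directory group named like a built-in role now grants
            # a different role than its name suggests.
            findings.append((value, "shadows built-in role, grants " + role))
    return findings


if __name__ == "__main__":
    for ldap_value in ("designer", "GIS-Analysts", "Designer", "Ops"):
        print(ldap_value, "->", resolve_role(ldap_value, SAMPLE_MAPPINGS))
    for value, reason in audit_mappings(SAMPLE_MAPPINGS):
        print("REVIEW", value, ":", reason)
```
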