Mapping LDAP/SSO roles to Spectrum Technology Platform roles

Before mapping roles, ensure that you have enabled LDAP/SSO authentication.

Note: We have verified identity providers AD FS and Ping Identity for Spectrum Technology Platform.
When you configure Spectrum Technology Platform to use LDAP/SSO for authentication, by default the role values must exactly match the Spectrum Technology Platform role names in order to grant the role. For example, to grant the designer role, the role you specify must be "designer."
Note: If you are using Spectrum Spatial, you must also update the Jackrabbit configuration file. For more information, see Using LDAP or Active Directory for Authentication.

You can map non-matching LDAP/SSO role values to an existing Spectrum Technology Platform role name. You can also map an LDAP/SSO role value with the same name as a Spectrum Technology Platform role to a different role. For example, one of the built-in roles is "designer." If you have an LDAP/SSO role value that is also named "designer," but you want it to map to another role, you could create a role map.

To map an LDAP/SSO role value to an existing Spectrum role:

  1. Open a Web browser and go to http://server:port/jmx-console, where:
    • server is the IP address or host name of your Spectrum Technology Platform server.
    • port is the HTTP port used by Spectrum Technology Platform. The default is 8080.
  2. Select this property:
    com.pb.spectrum.platform.common.security.role:mappings=RoleMappings
    This property is visible only when you enable LDAP or LDAP/SSO authentication, and the Spectrum Technology Platform server is fully started.
  3. In the addMapping section, configure these settings:
    1. In the value field, enter the LDAP/SSO role value to map to a Spectrum Technology Platform role.
    2. In the roleName field, enter the Spectrum Technology Platform role to map to the LDAP attribute value.
  4. Click Invoke.
Users who have been assigned an LDAP/SSO role will now be granted the role you specified for them the next time they log in to Spectrum Technology Platform.
To remove a mapping, enter the LDAP attribute you want to unmap in the value field of the removeMapping section in the Spectrum JMX console.
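
The following is an added example, not code from Spectrum Technology Platform: a small Python model of the exact-match default and the role maps described above, used to review a set of planned mappings before entering them in addMapping. The role names other than "designer", the mapping values, and the assumptions that a mapping overrides the default name match and that a mapping to a non-existent role grants nothing are all hypothetical.

```python
# Added example: a model of the role rules described above, not product code.
# PLATFORM_ROLES, MAPPINGS and IDP_VALUES are constructed sample data; only
# "designer" is a role name taken from the page.
PLATFORM_ROLES = {"designer", "reviewer", "operator"}
MAPPINGS = {  # value -> roleName, as entered in addMapping
    "GG-Spectrum-Design": "designer",
    "designer": "reviewer",   # same name as a platform role, mapped elsewhere
    "GG-Ops": "operatr",      # typo: roleName is not an existing role
}
IDP_VALUES = ["GG-Spectrum-Design", "designer", "Designer ", "GG-Ops", "GG-Finance"]


def resolve_role(value, mappings, platform_roles):
    """Return the platform role granted for one LDAP/SSO role value, or None."""
    if value in mappings:
        # Assumption: an explicit mapping replaces the default name match,
        # and a mapping to a non-existent role grants nothing.
        target = mappings[value]
        return target if target in platform_roles else None
    # Default behaviour from the page: the value must match a role name exactly.
    return value if value in platform_roles else None


def review_mappings(mappings, platform_roles, idp_values):
    """List mappings and IdP values an administrator should double-check."""
    findings = []
    by_lower = {role.lower(): role for role in platform_roles}
    for value, target in sorted(mappings.items()):
        if target not in platform_roles:
            findings.append(("unknown-target", value, target))
        elif value in platform_roles and value != target:
            findings.append(("shadows-role", value, target))
    for value in sorted(idp_values):
        if resolve_role(value, mappings, platform_roles) is None:
            near = by_lower.get(value.strip().lower())
            findings.append(("near-miss" if near else "no-role", value, near))
    return findings


if __name__ == "__main__":
    for finding in review_mappings(MAPPINGS, PLATFORM_ROLES, IDP_VALUES):
        print(finding)
```

A "shadows-role" finding marks the case from the text where a value named like a built-in role is deliberately mapped to a different role; "near-miss" marks a value that differs from a role name only by case or surrounding whitespace and so fails the exact match.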