Mapping LDAP/SSO roles to Spectrum Technology Platform roles
Before mapping roles, ensure that you have enabled LDAP/SSO authentication.
Note: We have verified identity providers AD FS and Ping Identity for Spectrum Technology Platform.
When you configure Spectrum Technology Platform to use LDAP/SSO for authentication, by default the role values must match the Spectrum Technology Platform role names exactly in order to grant the role. For example, to grant the designer role, the role you specify must be "designer."
Note: If you are using Spectrum Spatial, you must also update the Jackrabbit configuration file. For more information see Using LDAP or Active Directory for Authentication.
You can map non-matching LDAP/SSO role values to an existing Spectrum Technology Platform role name. You can also map an LDAP/SSO role value with the same name as a Spectrum Technology Platform role to a different role. For example, one of the built-in roles is "designer." If you have an LDAP/SSO role value that is also named "designer," but you want it to map to another role, you could create a role map.
To map an LDAP/SSO role value to an existing Spectrum role:
- Open a Web browser and go to http://server:port/jmx-console, where:
  - server is the IP address or host name of your Spectrum Technology Platform server.
  - port is the HTTP port used by Spectrum Technology Platform. The default is 8080.
- Select this property:
  com.pb.spectrum.platform.common.security.role:mappings=RoleMappings
  This property is visible only when you enable LDAP or LDAP/SSO authentication, and the Spectrum Technology Platform server is fully started.
- In the addMapping section, configure these settings:
  - In the value field, enter the LDAP/SSO role value to map to a Spectrum Technology Platform role.
  - In the roleName field, enter the Spectrum Technology Platform role to map to the LDAP attribute value.
  - Click Invoke.
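The following is an added example, not code from Spectrum Technology Platform: a small Python model of the matching rules described above, useful for reviewing a planned set of role mappings before entering them in addMapping. It assumes that "exactly" means case-sensitive and that a mapping for a value replaces the default same-name match; every role and group name except "designer" is constructed for illustration.

```python
# Constructed sample data. Only "designer" comes from the page.
PLATFORM_ROLES = {"designer", "reviewer"}
ROLE_MAP = {
    "GG-Spectrum-Designers": "designer",  # non-matching value mapped to a role
    "designer": "reviewer",               # same name as a role, mapped elsewhere
    "GG-Ops": "operator",                 # target is not a platform role
}


def resolve_roles(idp_values, platform_roles, role_map):
    """Return (granted, unmatched) for the role values a login carries."""
    granted, unmatched = set(), []
    for value in idp_values:
        # Assumption: an explicit mapping replaces the default lookup.
        # Without a mapping, the value must equal a role name exactly.
        target = role_map.get(value, value)
        if target in platform_roles:
            granted.add(target)
        else:
            unmatched.append(value)
    return granted, unmatched


def audit_role_map(platform_roles, role_map):
    """Flag mappings that deserve a second look before they are applied."""
    findings = []
    for value, target in sorted(role_map.items()):
        if target not in platform_roles:
            findings.append((value, target, "target role does not exist"))
        elif value in platform_roles and value != target:
            # Users holding this value no longer get the same-named role.
            findings.append((value, target, "shadows a platform role of the same name"))
    return findings


if __name__ == "__main__":
    for login in (["GG-Spectrum-Designers", "Designer"], ["designer"]):
        print(login, "->", resolve_roles(login, PLATFORM_ROLES, ROLE_MAP))
    for finding in audit_role_map(PLATFORM_ROLES, ROLE_MAP):
        print("review:", finding)
```

A value that matches a role name only by case ("Designer") grants nothing under these assumptions, and the "designer" mapping silently changes what existing holders of that value receive, which is why the audit flags it.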