Configuring Authentication Providers
Before any of your users can log on to Fortra Application Hub, you must specify how to authenticate the users. You can choose to authenticate your users against Fortra Application Hub itself, a lightweight directory access protocol (LDAP) server, IBM i, or a SAML Identity Provider. Multiple authentication methods can be defined and assigned to users.
- In the Core Menu, click Security. Then click Providers.
- The Fortra Application Hub Provider exists by default. It allows you to authenticate users to the Fortra Application Hub server itself. Use the parameters to establish criteria for the creation of users.
Fortra Application Hub Provider
Click Show Actions next to Fortra Application Hub and click Edit.
Toggle Time-Based One-Time Passwords to On if you would like to use TOTP.
Enter the Required Minimum Password Length.
Enter the Required Minimum Amount of Upper Case Letters for the user password.
Enter the Required Minimum Amount of Lower Case Letters for the user password.
Enter the Required Minimum Amount of Numbers for the user password.
Enter the Required Minimum Amount of Special Characters for the user password.
Enter the Special Characters Allowed in the user password.
- To add a new provider, on the Providers tab, click Add Provider.
- Enter a name for the authentication.
- Click in the authentication method field and select Fortra Application Hub, LDAP, or IBM i. To use SAML Authentication, see Configuring SAML Authentication.
If you chose LDAP:
- Toggle Create new users on successful first-time log in if you would like users to be created automatically when they log in to Fortra Application Hub, as long as they have an LDAP login.
- Toggle Time-Based One-Time Passwords to On if you would like to use TOTP.
- Enter the name or address of the LDAP Host server.
NOTE:
- These settings are specific to the Fortra Application Hub module, and do not pertain to Access Authenticator's LDAP settings configured on Access Authenticator's LDAP Settings page.
- LDAP authentication can be used with Active Directory.
- Enter the LDAP Port used by the LDAP server.
- Switch Use SSL with LDAP to On if a secure sockets layer (SSL) is used with your LDAP server. You must first import the root certificate from the LDAP Host.
To import the root certificate from the LDAP Host:
- Get the CA certificate from the LDAP host you want to connect to and move it to your Fortra Application Hub machine file system.
- Import the certificate into Java's cacerts keystore.
- Run (Windows):
"%CommonProgramFiles%\FortraApplicationHub\jdk\bin\keytool.exe" -import -alias <Server Alias> -file <Certificate Path> -keystore <Keystore Path>
- Run (Linux) EXAMPLE:
/usr/bin/keytool -import -file /PATHTOCERT/ldapcert.cer -keystore "/usr/lib/jvm/jre/lib/security/cacerts"
- Enter the keystore password, "changeit" by default.
NOTE: The default password for cacerts is "changeit". You should consider changing this for security reasons.
- Type yes and press Enter.
- Restart Fortra Application Hub.
- For Windows, restart the Fortra Application Hub Server service.
- For Linux, on a command line, issue the command:
systemctl restart hs1-iam
- Enter the name of your LDAP Administrator. This administrator must be able to read the LDAP tree.
NOTE: Distinguished Name format is acceptable. For more on Distinguished Names, go to the Microsoft Developer Network website.
- Enter the Administrator Password (and Confirm Password) for the administrator you entered above.
- Enter the Default Context for the LDAP server. This is the location to search for users in Distinguished Name format.
- Enter the User ID Field Name for the LDAP server. This is the Attribute Name to search in for the username.
- Enter the LDAP Field to Match. This is the value that matches the "samaccountname" listed for the user on the LDAP server.
- Click Validate LDAP Connection to test the information you entered above.
If you chose IBM i:
- Toggle Time-Based One-Time Passwords to On if you would like to use TOTP.
- Enter the Address of the IBM i server you want to use for authentication.
NOTE: This does not have to be one of the IBM i systems that you are connecting Fortra Application Hub to.
- Toggle Use TLS to On to use TLS security to encrypt the connection.
- Click Save.
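
The password criteria of the Fortra Application Hub Provider described above (minimum length, per-class minimums and the allowed special characters) can be checked against candidate passwords before a policy is rolled out. This is an added example, not Fortra code: the class and field names are hypothetical, and rejecting characters outside the allowed list is an assumption about how the rule is applied.

```python
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Field names are hypothetical; they mirror the provider's six parameters."""
    min_length: int
    min_upper: int
    min_lower: int
    min_numbers: int
    min_special: int
    allowed_special: str

    def effective_min_length(self):
        # The per-class minimums can add up to more than the stated minimum
        # length, in which case their sum is the real lower bound.
        per_class = self.min_upper + self.min_lower + self.min_numbers + self.min_special
        return max(self.min_length, per_class)

    def violations(self, password):
        """Return the names of the rules the password fails, in a fixed order."""
        counts = {
            "upper": sum(c in string.ascii_uppercase for c in password),
            "lower": sum(c in string.ascii_lowercase for c in password),
            "numbers": sum(c in string.digits for c in password),
            "special": sum(c in self.allowed_special for c in password),
        }
        failed = ["length"] if len(password) < self.min_length else []
        for rule, minimum in (("upper", self.min_upper), ("lower", self.min_lower),
                              ("numbers", self.min_numbers), ("special", self.min_special)):
            if counts[rule] < minimum:
                failed.append(rule)
        # Assumption: a character that is not an ASCII letter, a digit or in the
        # allowed list is rejected outright rather than ignored.
        known = string.ascii_letters + string.digits + self.allowed_special
        stray = sorted({c for c in password if c not in known})
        if stray:
            failed.append("disallowed:" + "".join(stray))
        return failed


# Constructed sample policy and passwords, not product defaults.
POLICY = PasswordPolicy(12, 1, 1, 2, 1, "!@#$%^&*")

if __name__ == "__main__":
    for candidate in ("Tr1ckyPass2!", "short1A!", "NoDigitsHere~~"):
        print(repr(candidate), POLICY.violations(candidate) or "ok")
    print(PasswordPolicy(8, 3, 3, 2, 2, "!").effective_min_length())
```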