Layer7 API Management

Expand all | Collapse all

CA LAC Authentication with LDAP

Jump to Best Answer
  • 1.  CA LAC Authentication with LDAP

    Posted 08-13-2018 10:13 AM

    Has anyone made successful configuration of CA Live API Creator Web Access Login with LDAP?

     

    Looks like this require proper role assignments, has anyone did this before?

     

    I have given "System administrator" role for a particular user in JavaScript code. But upon login in Web UI, I couldn't see any projects and also I am not able to create Empty API.

     

    if (payload.username === "<myLdapUser>") {
                            authResponse.roleNames.push("System administrator");

     

    This is how am giving admin role for the user. Do I have to specify anything else in the code to see all the projects?



  • 2.  Re: CA LAC Authentication with LDAP
    Best Answer

    Posted 11-20-2018 06:57 PM

    You can create the LDAP Authentication Provider by first using the instructions on this page

    Note - From this page, there is  a link to an authentication provider example on GitHub

     

    Once tested successfully -- to authenticate API developers (aka TeamSpace users) logging in to Live API Creator using the LDAP authentication provider, you will need to further modify the auth provider (see Authenticate function (line 41) under SimpleLDAPAuthProvider.js) with the following: 

     

    1. Add required roles for TeamSpace users
    e.g.
    authResponse.roleNames.push("Account admin");
    authResponse.roleNames.push("Data admin");

    Note: These are the roles required by Live API Creator. System Administrator is not a valid role. 


    2. Assign user to the teamspace by adding the following to the userData and userInfo of the response. 

    e.g.
    authResponse.userData["teamSpaceUrlFragment"] = "default";
    authResponse.userInfo["accountIdent"] = 1000;

     

    Once configured, following the steps on how to switch your Live API Creator's Admin API to authenticate using the updated LDAP auth provider. See: https://docops.ca.com/ca-live-api-creator/5-0/en/securing-apis/configure-authentication/authenticate-teamspace-users