Single Sign On

LogSentinel SIEM supports integration with LDAP, ActiveDirectory and SAML 2.0 providers for authentication. Below is a set of steps to be executed in order to configure the integrations:

LDAP configuration

To authenticate against an LDAP server (not Windows AD), the following steps are required:

  • in /var/logsentinel/ set ldap.auth.enabled=true and ad.auth.enabled=false
  • set ldap.url to point to your LDAP server
  • let's assume the following LDAP tree:
dn: dc=yourOrganization,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: ourOrganization

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alexx
sn: Alex
organizationId: ba2cbc90-5424-11e8-b88d-6f2c1b6625e8
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: cn=logsentinel_developer,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfUniqueNames
cn: logsentinel_developer
ou: logsentinel_developer
  • if the LDAP server does not give read access to anonymous users, ldap.manager.DN and ldap.manager.password should be set
  • user is searched with ldap.userDN.pattern=uid={0},ou=people ->
  • groups are searched with
  • the attribute holding the (hashed) password: ldap.password.attribute=userPassword
  • the user's names are extracted from the attribute given by ldap.names.param=cn
  • the organization id of the user (in LogSentinel SIEM) can be assigned the default value ldap.default.organizationId. It can also be retrieved from LDAP if it is set on the user as an additional attribute, named via ldap.organizationId.param=organizationId
  • the user role is derived from the groups the user is a member of. Only groups whose name starts with logsentinel_ are taken into account. For example, a user who is a member of the group logsentinel_manager gets the role MANAGER.

Active Directory configuration

In order to authenticate with Windows Active Directory:

  • set ad.auth.enabled=true and ldap.auth.enabled=false in /var/logsentinel/
  • set ldap.url to the URL of the Active Directory (without the dc parts)
  • set ad.auth.domain to the domain where users belong in AD
  • roles are retrieved from the memberOf attributes of the user in AD. The same group-name restriction as for LDAP applies (only logsentinel_ groups are taken into account).
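The role and organization-id derivation described in the LDAP and Active Directory steps above, as an added example (not LogSentinel's own code): a minimal LDIF parser over a constructed directory sample, the "only groups starting with logsentinel_" rule turned into a role lookup, organizationId read from the user's attribute with a fallback to the ldap.default.organizationId value, and the same rule applied to AD-style memberOf DNs. The user DN, uid and uniqueMember values are assumptions; the page's sample tree omits them.

```python
"""Derive the LogSentinel SIEM role and organizationId from LDAP/AD group data.

Added example, not LogSentinel's own code. It implements the rules the page
states: only groups whose cn starts with 'logsentinel_' count, the suffix
(upper-cased) is the role, and organizationId comes from the user's
'organizationId' attribute (ldap.organizationId.param) or else from the
ldap.default.organizationId value. The LDIF below is constructed sample data.
"""
from typing import Dict, List, Optional

ROLE_GROUP_PREFIX = "logsentinel_"

# Constructed LDIF: one person and two groups. The uid, user DN and
# uniqueMember values are assumptions (the page's tree has no dn for the user).
SAMPLE_LDIF = """\
dn: uid=balex,ou=people,dc=yourOrganization,dc=org
objectclass: inetOrgPerson
uid: balex
cn: Ben Alexx
sn: Alex
organizationId: ba2cbc90-5424-11e8-b88d-6f2c1b6625e8

dn: cn=logsentinel_manager,ou=groups,dc=yourOrganization,dc=org
objectclass: groupOfUniqueNames
cn: logsentinel_manager
uniqueMember: uid=balex,ou=people,dc=yourOrganization,dc=org

dn: cn=developers,ou=groups,dc=yourOrganization,dc=org
objectclass: groupOfUniqueNames
cn: developers
uniqueMember: uid=balex,ou=people,dc=yourOrganization,dc=org
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF parser: entries separated by blank lines, 'attr: value'
    lines. Attribute names are lower-cased (LDAP names are case-insensitive)
    and multi-valued attributes become lists. Base64 ('::') values and line
    folding are not handled; the sample above needs neither."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def roles_from_groups(group_names: List[str]) -> List[str]:
    """The page's rule: keep only groups named logsentinel_<role>; <role>
    upper-cased is the SIEM role. Groups without the prefix are ignored."""
    roles = []
    for name in group_names:
        if name.lower().startswith(ROLE_GROUP_PREFIX):
            roles.append(name[len(ROLE_GROUP_PREFIX):].upper())
    return roles


def cn_from_dn(dn: str) -> Optional[str]:
    """Value of the leading RDN if it is a cn, e.g. for AD memberOf DNs."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if key.strip().lower() == "cn" else None


def roles_from_memberof(member_of: List[str]) -> List[str]:
    """Active Directory variant: apply the same rule to the cn of each DN
    listed in the user's memberOf attribute."""
    names = [cn for cn in (cn_from_dn(dn) for dn in member_of) if cn]
    return roles_from_groups(names)


def resolve_user(entries: List[Dict[str, List[str]]], user_dn: str,
                 default_org_id: Optional[str] = None) -> Optional[dict]:
    """Find the user entry, collect groupOfUniqueNames groups listing the user
    as uniqueMember, and return the derived roles and organizationId."""
    user = next((e for e in entries if e.get("dn", [""])[0] == user_dn), None)
    if user is None:
        return None
    group_cns = [g["cn"][0] for g in entries
                 if "groupofuniquenames" in [o.lower() for o in g.get("objectclass", [])]
                 and user_dn in g.get("uniquemember", []) and g.get("cn")]
    org_id = user.get("organizationid", [default_org_id])[0]
    return {"roles": roles_from_groups(group_cns), "organizationId": org_id}


if __name__ == "__main__":
    result = resolve_user(parse_ldif(SAMPLE_LDIF),
                          "uid=balex,ou=people,dc=yourOrganization,dc=org",
                          default_org_id="default-org-id")
    print(result)
```

The group filter is deliberately prefix-based and case-insensitive on the prefix only; a directory where arbitrary users can rename or create groups under ou=groups would let them mint roles, so group creation rights on that subtree deserve the same scrutiny as the ldap.manager.DN credentials.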

SAML 2.0

For SAML 2.0 to work, the properties saml.provider.root.url, saml.provider.sso.url, saml.registrationId and saml.certificate.path must be specified.

Once the configuration is in place, the Login page redirects users to the SSO provider and, after successful authentication, they are logged in. Note that internal, passwordless accounts are still created after the first authentication in order to keep user preferences.

RADIUS authentication

For RADIUS authentication, the RADIUS server IP, port and secret should be specified via radius.server.ip, radius.server.port and radius.server.secret. RADIUS should be enabled via radius.enabled=true.