Use external authentication

PulseUno supports external authentication using OpenID Connect SSO or LDAP. If you integrate with OpenText products such as Dimensions CM, StarTeam, or AccuRev, you can set up PulseUno to use authentication from these products.

Internal authentication

By default, a standalone installation of PulseUno uses internal authentication with a login and password.

The authentication settings are maintained in the startup.properties file on the PulseUno server.

For details about the startup.properties file, see Configure startup.properties.

The following properties define internal authentication:

Property Description
authentication.type

The authentication type for accessing PulseUno.

The internal authentication type is PULSE.

authentication.pulse.root.super.user.token

The super user token that controls whether to autogenerate a root user.

By default, the property is set to true, enabling PulseUno to automatically create a root user and log the root user password in the log files.

You use the root user credentials to access the PulseUno web application for the first time and create administrator accounts.

After you have created administrator accounts, you can change the value to false.

For example:

Copy code
authentication.type=PULSE
authentication.pulse.root.super.user.token=true

Note: If configured for internal authentication, PulseUno requires user licenses. For details, see PulseUno licensing.

To change from internal authentication to one of the external types, you need to edit the authentication properties.

Back to top

Configure OpenID Connect SSO

You can set up SSO via OpenID Connect (OIDC) to authenticate to the PulseUno web application.

Prerequisites:

  • You need an identity provider (IdP) that supports OIDC protocol.

    PulseUno validates with OpenText NetIQ One SSO Provider service (OSP) as the main OIDC IdP.

  • PulseUno must be registered as Relying Party with your IdP.

To enable communication with an OpenID Connect IdP, you set the OIDC authentication type properties in the .properties files on the PulseUno and Git servers.

Caution: If configured for OpenID Connect SSO, PulseUno can integrate with Dimensions CM only if Dimensions CM is connected using impersonation. For details, see Connect to Dimensions CM repository.

To set up OpenID Connect SSO:

  1. On the PulseUno server, open the startup.properties file in the <pulse_data>\conf directory.

    Default locations:

    Windows C:\ProgramData\OpenText\PulseUno\pulse_data\conf
    Linux /opt/opentext/pulseuno/data/pulse_data/conf
  2. In the startup.properties file, set the authentication type to OIDC and specify the OIDC properties:

    Property Description
    authentication.type The authentication type for accessing PulseUno. Replace the existing authentication type with OIDC.
    authentication.oidc.baseurl The URL of the OpenID Connect IdP server that manages and verifies user credentials on behalf of PulseUno.
    authentication.oidc.clientid The client ID generated for PulseUno on the IdP server.
    authentication.oidc.secret The client secret generated for PulseUno on the IdP server.

    For example:

    Copy code
    authentication.type=OIDC
    authentication.oidc.baseurl=https://myIdPserver:8443/osp/a/test/auth/oauth2
    authentication.oidc.clientid=<IdP-client-ID>
    authentication.oidc.secret=<IdP-secret>
  3. Save the file.

  4. On the Git server, open the pulse.properties file in the Git server's <git_data>\config directory.

    Default locations:

    Windows C:\ProgramData\OpenText\PulseUno\git_data\config
    Linux /opt/opentext/pulseuno/data/git_data/config
  5. In the pulse.properties file, set the following properties with the same values as the PulseUno server:

    • authentication.oidc.baseurl

    • authentication.oidc.clientid

    • authentication.oidc.secret

  6. Save the file.

Back to top

Configure LDAP authentication

You can enable PulseUno to use LDAP authentication.

To change the authentication type, you modify the PulseUno startup.properties file.

Note: If authenticating through LDAP, PulseUno requires user licenses. For details, see PulseUno licensing.

To switch to LDAP authentication:

  1. On the PulseUno server, open the startup.properties file in the <pulse_data>\conf directory.

    Default locations:

    Windows C:\ProgramData\OpenText\PulseUno\pulse_data\conf
    Linux /opt/opentext/pulseuno/data/pulse_data/conf
  2. Set the authentication type to LDAP and specify the LDAP properties:

    Property Description
    authentication.type The authentication type for accessing PulseUno. Replace the existing authentication type with LDAP.
    authentication.ldap.url

    The URL of the LDAP server, for example:

    ldap://server:389

    authentication.ldap.base The base DN to search from.
    authentication.ldap.bindUser The user to bind to the LDAP server and perform searches.
    authentication.ldap.bindUserPassword The password of the LDAP bind user.
    authentication.ldap.followReferrals

    The option that enables searches to follow LDAP referrals.

    To follow referrals, set to true.

    Default value: false.

    authentication.ldap.searchFilter The LDAP search filter to match users.

    For example:

    Copy code
    authentication.type=LDAP
    authentication.ldap.url=ldap://server:389
    authentication.ldap.base=dc=example,dc=com
    authentication.ldap.bindUser=cn=binduser,ou=Organizational Unit 1,ou=Organizational Unit 2,dc=example,dc=com
    authentication.ldap.bindUserPassword=<bind-user-password>
    authentication.ldap.followReferrals=false
    authentication.ldap.searchFilter=(&(objectClass=person)(sAMAccountName={0}))

  3. Save the file.

Back to top

Set up Dimensions CM authentication

You can switch to Dimensions CM authentication, which enables you to work with a Dimensions CM server.

To change the authentication type, you modify the PulseUno startup.properties file.

Note: For Dimensions CM authentication, PulseUno doesn't require user licenses and may license agents through Dimensions CM.

To switch to Dimensions CM authentication:

  1. On the PulseUno server, open the startup.properties file in the <pulse_data>\conf directory.

    Default locations:

    Windows C:\ProgramData\OpenText\PulseUno\pulse_data\conf
    Linux /opt/opentext/pulseuno/data/pulse_data/conf
  2. Set the authentication type to AUTO and specify the details of your Dimensions CM server:

    Property Description
    authentication.type The authentication type for accessing PulseUno. Replace the existing authentication type with AUTO.
    authentication.dcm.server The host name and port of your Dimensions CM server.

    For example:

    Copy code
    authentication.type=AUTO
    authentication.dcm.server=myserver:port
  3. Save the file.

Back to top

Set up StarTeam authentication

If you work with StarTeam, you can switch to StarTeam authentication in PulseUno.

To change the authentication type, you modify the PulseUno startup.properties file.

Note: For StarTeam authentication, PulseUno doesn't require user licenses and may license agents through StarTeam.

To switch to StarTeam authentication:

  1. On the PulseUno server, open the startup.properties file in the <pulse_data>\conf directory.

    Default locations:

    Windows C:\ProgramData\OpenText\PulseUno\pulse_data\conf
    Linux /opt/opentext/pulseuno/data/pulse_data/conf
  2. Set the authentication type to STARTEAM and specify the StarTeam properties:

    Property Description
    authentication.type The authentication type for accessing PulseUno. Replace the existing authentication type with STARTEAM.
    authentication.hub.auth.hostname The host name of your StarTeam server.
    authentication.hub.auth.port The port number to access your StarTeam server, for example, 49201.
    authentication.hub.auth.user The username for binding to the StarTeam server.
    authentication.hub.auth.password The corresponding password for binding to the StarTeam server.

    For example:

    Copy code
    authentication.type=STARTEAM
    authentication.hub.auth.hostname=myserver
    authentication.hub.auth.port=49201
    authentication.hub.auth.user=username
    authentication.hub.auth.password=password
  3. Save the file.

Back to top

Set up AccuRev authentication

If you work with AccuRev, you can switch to AccuRev authentication in PulseUno.

To change the authentication type, you modify the PulseUno startup.properties file.

Note: For AccuRev authentication, PulseUno doesn't require user licenses and may license agents through AccuRev.

To switch to AccuRev authentication:

  1. On the PulseUno server, open the startup.properties file in the <pulse_data>\conf directory.

    Default locations:

    Windows C:\ProgramData\OpenText\PulseUno\pulse_data\conf
    Linux /opt/opentext/pulseuno/data/pulse_data/conf
  2. Set the authentication type to ACCUREV and specify the AccuRev properties:

    Property Description
    authentication.type The authentication type for accessing PulseUno. Replace the existing authentication type with ACCUREV.
    authentication.accurev.server The host name and port of your AccuRev server.
    accurev.command.path The full path to the AccuRev executable, accurev.exe.
    accurev.displayname.propname

    The property that controls the name of the Display Name field.

    Default value: Display Name

    accurev.emailaddress.propname

    The property that controls the name of the Email Address field.

    Default value: Email Address

    For example:

    Copy code
    authentication.type=ACCUREV
    authentication.accurev.server=myserver:8080
    accurev.command.path=<accurev_install_dir>\bin\accurev.exe
    accurev.displayname.propname=Display Name
    accurev.emailaddress.propname=Email Address
  3. Save the file.

Back to top

See also: