Absent Member.

HP Fortify using Active Directory/Windows Authentication

I am trying to set up Fortify SSC to use Active Directory and Windows authentication for my users. I have successfully configured SSC to use LDAP to import my users and assign roles running on Tomcat 7. My issue is that we do not have passwords for our accounts. We use smartcards, but that really shouldn't matter if we can get Windows Authentication to let us into SSC.

I am not finding much in the way of documentation on how to do this. I saw in the December announcement that "Windows Active Directory Service support" is supported in R4.40. I assumed this means I can use my internal Active Directory to authenticate my accounts, but the install guide doesn't talk about this at all. I see new options for SSO and SAML configuration but no real documentation on how to use this for Active Directory.

What is the recommended method to authenticate users using Windows Authentication? Can I use SSO with Tomcat and Windows Authentication? Can I pass my authorized Windows account through IIS over to Tomcat using an IIS rewrite rule?

Absent Member.

We do not support Windows Authentication in 4.4 and earlier releases.

Active Directory (AD) is a user storage based on LDAP and can be accessed using the LDAP protocol. Having AD configured with SSC doesn’t automatically mean that you're using Windows Authentication.

For Windows authentication you would have to set up an environment with AD, KDC (Kerberos Key Distribution Center) and SSC would have to support it, which it will in an upcoming future release.

If you are using smart cards, it may be a type of card we’re going to support in an upcoming future release, such as CAC with a CA-signed certificate stored on the card. This is also not Windows Authentication, though it can be configured together with AD.

Simply put, in 4.4 you can have the following setups:

AD/LDAP as user store with user passwords and SSC with LDAP enabled (user password LDAP attribute specified)

SAML IDP + SSC with LDAP enabled, usually both talking to the same AD/LDAP directory, where the IDP authenticates the user and SSC authorizes the user based on AD entries

In an upcoming future release, you should be able to do all the above plus:

SPNEGO/Kerberos + SSC with LDAP enabled and configured for Kerberos authentication, using AD and KDC

X.509 certificate + SSC with LDAP enabled and configured for X.509 certificate authentication – CAC

Absent Member.

Similar question, but not for the authentication for the SSC portal, but rather the IDE plugin upload of the results to SSC.

Absent Member.

This was targeted to come out with our 16.2 release but we weren't able to reach that goal. I'm confident that we'll have it for 17.1 and depending on how quickly we can get it done, I'll try to get it pushed out as a 16.2 patch.
