Access Control Setup (v2.0 and up)
The subsequent pages describe the setup of Access Control:
Access Control Server Host Requirements (v2.0 and up)
Notice
Access Control can only be installed on a CxManager machine.
For Server Host requirements, please see the installation documentation for the respective CxSAST/CxOSA/CxIAST version.
Access Control - Preparing the Environment (v2.0 and up)
Active Directory – LDAP SSO Configuration
HTTP.sys Configuration
Notice
HTTP.sys configuration is needed only for enabling Active Directory LDAP SSO.
To configure an HTTP.sys Web host implementation:
Add/Edit to appsettings.json
"Host": {
"Type" : "Http.Sys"
}
2. Restart the application.
3. The AC Windows service should run as a machine administrator.
4. Enable SSL for Http.Sys:
a. Create a X509 certificate.
b. Import the certificate to the local computer \ personal store
c. In a command prompt, as an administrator run the following command:
> netsh http add sslcert ipport=0.0.0.0:<port> certhash=<thumbprint> appid=<GUID value>
Caution
Use at least 6 alphanumeric characters for specifying the password for the SSL certificate.
LDAP SSO Configuration
If the server is configured with LDAP SSO (only relevant for Active Directory), you can login to Access Control using Windows SSO (no user name / password needed).
To configure LDAP SSO:
Configure Access Control with HTTP.sys (see HTTP.sys Configuration,above) or host under IIS.
Add a domain to Access Control using the REST API (this can also be done via the built-in Swagger):
Domain Name / Fully Qualified Domain Name (FQDN)
The domain name can be determined by running "echo %userdomain%" in the command prompt
The fully qualified domain name (FQDN) can be determined by running "echo %userDNSdomain%" in the command prompt
{
"name": "<your domain name for logging in>",
"fullyQualifiedName": "<FQDN name>"
}
3. Go to (or create) an Active Directory LDAP server by selecting the checkbox to 'Enable SSO' (underAccess Control - Settings Tab > Directory Settings)
 |
4. Logout, then login again using the Windows SSO button.
Installing Access Control (v2.0 and up)
Installing Access Control – for First-Time CxSAST/CxOSA Installations (v9.0.0 and up)
For first-time CxSAST/CxOSA installations, the Access Control installation is a part of the CxSAST/CxOSA installer. See Previous - Installing CxSAST (v9.0.0).
Installing Access Control – for Upgrading CxSAST/CxOSA (to v9.0.0 and up) from v8.8.0 or v8.9.0
When upgrading CxSAST/CxOSA to v9.0.0 and up from v8.8.0 and v8.9.0 only, the Access Control installation comes as a separate installer that must be run before running the CxSAST/CxOSA upgrade installer. See Upgrading CxSAST and Access Control Data Migration Installer.
Notice
If upgrading CxSAST/CsOSA from a version prior to v8.0.0, first upgrade to v8.0.0 or v8.9.0 – after which you then perform the upgrade procedure to v9.0.0 (and up), which installs Access Control.