Access Control - Preparing the Environment (v2.0 and up)

Active Directory – LDAP SSO Configuration

HTTP.sys Configuration

Notice

HTTP.sys configuration is needed only for enabling Active Directory LDAP SSO.

To configure an HTTP.sys Web host implementation:

1. Add or edit the following in appsettings.json:

"Host": {
  "Type": "Http.Sys"
}

2. Restart the application.

3. The AC Windows service should run as a machine administrator.

4. Enable SSL for Http.Sys:

a. Create an X509 certificate.

b. Import the certificate into the Local Computer \ Personal store.

c. In a command prompt opened as an administrator, run the following command:

> netsh http add sslcert ipport=0.0.0.0:<port> certhash=<thumbprint> appid=<GUID value>
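
Steps 4b and 4c as an added PowerShell example (not part of the original Access Control documentation): it checks that the certificate is in the Local Computer \ Personal store with its private key and inside its validity period before binding it with netsh. Port 443 and the newly generated appid GUID are assumptions; `<thumbprint>` is a placeholder for your certificate's thumbprint.

```powershell
# Added example: validate the imported certificate, then bind it for HTTP.sys.
# Assumed values (not from the original page): port 443, a newly generated appid GUID.
$Port       = 443
$Thumbprint = '<thumbprint>'   # placeholder: paste the certificate thumbprint here

# netsh http add sslcert needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) PowerShell session.'
}

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character; keep only hex digits and expect 40 of them (SHA-1).
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) {
    throw "Thumbprint must be 40 hex characters, got $($thumb.Length)."
}

# Step 4b check: certificate is in Local Computer \ Personal, has its private key,
# and is inside its validity period. HTTP.sys cannot serve TLS without the key.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
$now  = Get-Date
if (-not $cert.HasPrivateKey) {
    throw 'Certificate was imported without its private key.'
}
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Step 4c: appid is an arbitrary GUID that identifies the owner of the binding.
$appId = [guid]::NewGuid().ToString('B')   # 'B' format adds the braces netsh expects
& netsh http add sslcert "ipport=0.0.0.0:$Port" "certhash=$thumb" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh failed with exit code $LASTEXITCODE (a binding may already exist on this port)."
}

# Show the stored binding so the hash and port can be compared with what was intended.
& netsh http show sslcert "ipport=0.0.0.0:$Port"
```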

Caution

Use at least 6 alphanumeric characters for specifying the password for the SSL certificate.

LDAP SSO Configuration

If the server is configured with LDAP SSO (only relevant for Active Directory), you can log in to Access Control using Windows SSO (no user name / password needed).

To configure LDAP SSO:

  1. Configure Access Control with HTTP.sys (see HTTP.sys Configuration, above) or host it under IIS.

  2. Add a domain to Access Control using the REST API (this can also be done via the built-in Swagger):

Domain Name / Fully Qualified Domain Name (FQDN)

  • The domain name can be determined by running "echo %userdomain%" in the command prompt

  • The fully qualified domain name (FQDN) can be determined by running "echo %userDNSdomain%" in the command prompt

{
  "name": "<your domain name for logging in>",
  "fullyQualifiedName": "<FQDN name>"
}

3. Go to (or create) an Active Directory LDAP server and select the 'Enable SSO' checkbox (under Access Control - Settings Tab > Directory Settings).

4. Log out, then log in again using the Windows SSO button.