Today, many companies manage permissions and access to networked resources and databases by running Microsoft Active Directory. Every element, such as a user, group, application or device, is stored as an object and managed centrally.
A Lightweight Directory Access Protocol (LDAP) server is often used to centralize management of users, groups and credentials within enterprises. An LDAP server stores user information such as group memberships and often also authorization and authentication data. You can use this information to authenticate on either IBM WebSphere application server or Oracle WebLogic application server.
Using LDAP may strengthen the TCP/IP link through the internal network with an additional security layer. Many enterprises with IBM Maximo asset management installations opt for directory services with LDAP/X.500-based implementations. However, adding this layer can block certain types of connections.
MAXapps is built with this issue in mind. The mobile solution for Maximo supports LDAP authentication through WebSphere or WebLogic, and JNDI and Enterprise JavaBeans.
Generally speaking, in most Maximo configurations that handle LDAP, every user must be authenticated by the LDAP server in order to log in to the internal environment. Thus we assume that all users, passwords and security groups are centrally managed in a user registry.
The WebSphere and WebLogic frameworks give applications running on their server a single API to talk to. The applications do not need to know the details of how to interface with each security provider separately.
The first step is to set up LDAP on WebSphere.
Then you have to set up your MAXapps mobile app through the IBM WebSphere application server:
- During the installation, enter the hostname of WebSphere.
- When the installation process is completed, set a property to "true" in the config file.
- Extract two certificate files from the WebSphere installation folder and copy them under the MAXapps Server installation folder.
You can configure WebSphere Application Server to use incremental synchronization. Incremental synchronization is a more efficient method of updating user data than full synchronization because only data that has changed is synchronized from the directory to the tables.
WebLogic Server comes with an embedded LDAP server, which acts as the default provider for authentication, authorization and role mapping. However, since authentication is based on JAAS (Java Authentication and Authorization Service), we can have external providers as well.
First, you will have to configure WebLogic to use LDAP.
Then you will have to restart the application server, deploy the system and map the security role in the LDAP system.