Module Requirements

Owned by Betül Kara (Deactivated)
Last updated: Oct 17, 2024 by Martin Oehm
2 min read

For some modules, we have Requirements that are provided on this page. Please verify that all information are available in order to successfully activate the module.

Mailserver

Outgoing

For Outgoing Mails, the following information is needed:

SMTP Host (eg mailhost.fqdn.com )
SMTP Port (eg 25)
TLS Required? (Yes/No)
Authentification Required (Yes/No)
Username (eg johndoe@yourcompany.com)
Password
Which sending Mailadresse can be used (eg system@yourcompany.com)

Incoming

If signalByMailReply is used (Mail interaction with an instance) the following information is needed:

Protocol (IMAP, POP3, IMAPS, POP3S)
Port (eg 993)
Username (eg johndoe@yourcompany.com)
Password
WebMail client URL (eg https://mailhost.fqdn.com/owa/)

 

SAML 2.0

Requirements:

  • HTTPS is required for SAML module

  • Signature is required for SAML module

In order to enable SAML Authentification, an Endpoint has to created which allows our application to request Assertions which contain User information. The Relaying Part Trust needs the following settings:

Identifier (entity ID) (eg https://server.fqdn/sso-login/)
Reply URL (eg https://server.fqdn/sso-login/)
Signature is required
Endpoints (ADFS Only)
SAML Assertion Consumer
POST
Index 0
Trusted URL → https://server.fqdn.com/sso-login/
Claim Rules (ADFS Only)
samAccountName as Name-ID

What is the Redirect URL? https://HOSTNAME/sso-login
What is the Logout URL? https://HOSTNAME/sso-login/?ssoLogout=1

 

saml-old-tim-client=false

application=sso-login

<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.4">
<secure-deployment name="saml-login.war">
<SP entityID="https://timurl/sso-login/" sslPolicy="EXTERNAL" nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" logoutPage="/logout.jsp" forceAuthentication="false" isPassive="false" turnOffChangeSessionIdOnLogin="false">
<RoleMappingsProvider id="idp-to-sp-role-mapper"/>
<Keys>
<Key signing="true">
<KeyStore file="${jboss.server.config.dir}/saml.jks" password="changeit">
<PrivateKey alias="samlcert" password="changeit"/>
<Certificate alias="samlcert"/>
</KeyStore>
</Key>
</Keys>
<PrincipalNameMapping policy="FROM_NAME_ID"/>
<RoleIdentifiers>
<Attribute name="Role"/>
</RoleIdentifiers>
<IDP entityID="idp" signaturesRequired="true">
<SingleSignOnService signRequest="true" validateResponseSignature="false" requestBinding="POST" responseBinding="POST" bindingUrl="https://idpurl/" assertionConsumerServiceUrl="https://timurl/sso-login/saml"/>
<SingleLogoutService validateRequestSignature="false" validateResponseSignature="false" signRequest="false" signResponse="false" requestBinding="POST" responseBinding="POST" postBindingUrl="https://idpurl/" redirectBindingUrl="https://idpurl/"/>
<Keys>
<Key signing="true">
<KeyStore file="${jboss.server.config.dir}/saml.jks" password="changeit">
<Certificate alias="samlcert"/>
</KeyStore>
</Key>
</Keys>
</IDP>
</SP>
</secure-deployment>
</subsystem>

LDAP

If the users should only authenticate (users are not created automatically) against LDAP the following information is required 

Authentification

If users should also be created automatically if they are added in LDAP the following information is required 

Synchronization

Single Group Synchronization

Multiple Groups Synchronization

 

If a separate Organizational Unit is not possible an LDAP Filter has to be provided which selects all necessary groups.

 

OpenID Connect (OIDC)

What is the Redirect URL? https://hostname/openid

What is the Logout URL? There is no logout URL - logout is only done on openid provider side

Does TIM use the Authorization Code Flow or the Implicit Flow? We use Authorization Code Flow.

 

This configuration in TIM /standalone/configuration/standalone-tim.xml is necessary:

<subsystem xmlns="urn:wildfly:elytron-oidc-client:2.0"> <secure-deployment name="openid.war"> <provider-url>https://FILL ME/adfs/</provider-url> <ssl-required>EXTERNAL</ssl-required> <principal-attribute>prefered_username</principal-attribute> <client-id>FILL-ME</client-id> <credential name="secret" secret="FILL-ME"/> </secure-deployment> </subsystem>

CAS (Central Authentication Service)

Sharepoint 

In order to use a Sharepoint Library as the DMS System in the system, the following information and resources are needed:

Also, some additional Columns have to be added to the Library. All columns have to be of type "string" and values must not be edited by hand. 

 

© TIM Solutions GmbH | AGB | Datenschutz | Impressum