Knowledge Base

Welcome to The Carlisle Group's Knowledge Base.


CAS Authentication using Kerberos Single Sign-On | LoanBook

Added: 10/08/2012; Last Modified: 10/25/2012; Visits:5,358

 

CAS and LoanBook users can now take advantage of Active Directory user accounts. Users will no longer need separate login credentials for LoanBook connections and transactions. It is mandatory that the LoanBook Single Sign-On proxy server (SSOProxy) runs on the same machine as the LoanBook server. Both servers must be listening on the same IP addresses.

There are three ways to establish a connection from CAS to LoanBook. The first is to predefine the connection parameters in the CAS shortcut and use the “Default Connection” options. The second is to use CAS “LoanBook Connection” interface objects. The third is to connect via scripting.
 
 
LoanBook/SalesBook or CAS "Default Connection"
 
The typical CAS startup shortcut contains the path to the “dyalogrt.exe” and “cas.dws” files. The inifile parameter specifies which registry key will be used. It usually looks like this: "C:\Program Files (x86)\CarlisleGroup\CAS 5.0\dyalogrt.exe" CAS inifile="HKEY_LOCAL_MACHINE\Software\CarlisleGroup\CAS 5.0"
 
There are additional startup parameters required to start CAS or LoanBook/SalesBook client with the intention of connecting to a LoanBook server using a default connection.
 
  • LoanBook – 1 or 0. If set to 1, CAS will enable LoanBook objects. (LoanBook=1)
  • LB_IP – The machine name or IP address of the LoanBook server. A machine name is preferable because it is used to generate a connection SPN. (LB_IP="lbserver1.domain.local") If an FQDN is not used, an SPN is not optional.
  • LB_Port – The port that LoanBook is listening on. (LB_Port=1241)
  • SSO – 1 or 0. If set to 1, CAS or LoanBook clients will attempt to authenticate via Kerberos Single Sign-On. (SSO=1)
  • SPN – The Service Principal Name account that the SSOProxy is running under. If left blank, the default "LBSSOProxy" service class and the host name are used to create the SPN on demand. (LBSSOProxy/server1.domain.com:9000) If the LBSSOProxy SPN is not registered, the user account of the SSOProxy must be used. (SPN="domain\user")
  • SSO_Port – Listening port of the SSOProxy server. This is different from the LoanBook server listening port. (SSO_Port=9000)
  • SSO_TimeOut – Amount of time, in seconds, an authentication call can take before an error is thrown. The default is 30 seconds. (SSO_TimeOut=30) The maximum timeout allowed is 60 seconds.
 
A typical CAS startup string with LoanBook and SSO parameters will look like this: "C:\Program Files (x86)\CarlisleGroup\CAS 5.0\dyalogrt.exe" CAS inifile="HKEY_LOCAL_MACHINE\Software\CarlisleGroup\CAS 5.0" MaxWS=900000 LoanBook=1 LB_IP="192.168.0.117" LB_PORT=1241 SSO=1 SSO_Port=9000 SPN="user@domain.com" SSO_TimeOut=30

 

The LoanBook and SalesBook clients will automatically log on to the LoanBook server when started with the parameters above. CAS will give the option to use the "Default Connection" menu item.
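The parameter rules above can be checked before a shortcut is rolled out. The following is an added example, not Carlisle Group code: the function names are hypothetical, and treating parameter names as case-insensitive is an assumption (the article itself writes both LB_Port and LB_PORT).

```python
import ipaddress
import re

# NAME=value or NAME="quoted value" tokens on the shortcut command line.
PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_params(cmdline):
    """Map parameter names (upper-cased, an assumption) to unquoted values."""
    return {m.group(1).upper(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM_RE.finditer(cmdline)}

def is_fqdn(host):
    """True for a dotted host name, False for an IP address or short name."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return "." in host

def check_sso(cmdline):
    """Return (effective_spn, problems) for a CAS startup string."""
    p = parse_params(cmdline)
    if p.get("SSO") != "1":
        return None, ["SSO=1 is not set; Kerberos SSO will not be attempted"]
    problems = []
    if p.get("LOANBOOK") != "1":
        problems.append("LoanBook=1 is required to enable LoanBook objects")
    host, sso_port = p.get("LB_IP", ""), p.get("SSO_PORT", "")
    if not host:
        problems.append("LB_IP is missing")
    if not sso_port.isdigit():
        problems.append("SSO_Port is missing or not numeric")
    elif sso_port == p.get("LB_PORT"):
        problems.append("SSO_Port must differ from LB_Port")
    timeout = p.get("SSO_TIMEOUT", "30")           # default is 30 seconds
    if not timeout.isdigit() or int(timeout) > 60:
        problems.append("SSO_TimeOut must be a number of seconds, at most 60")
    spn = p.get("SPN") or None
    if spn is None:
        if not is_fqdn(host):
            problems.append("SPN is required when LB_IP is not an FQDN")
        elif sso_port.isdigit():
            spn = f"LBSSOProxy/{host}:{sso_port}"  # default SPN built on demand
    return spn, problems

# Constructed sample: FQDN given and SPN left blank, so the default SPN applies.
SAMPLE = 'dyalogrt.exe CAS LoanBook=1 LB_IP="lbserver1.domain.local" LB_Port=1241 SSO=1 SSO_Port=9000'

if __name__ == "__main__":
    print(check_sso(SAMPLE))
```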

 

 

CAS "LoanBook Connection" object.

Using LoanBook Connection objects lets the user connect to different LoanBook servers or instances in the same instance of CAS.  In order for the objects to be visible in the menu, the LoanBook parameter must be set to 1 in the startup shortcut.  These objects allow users to choose LoanBook classic or Kerberos SSO authentication.

  1. Create a LoanBook Connection object. Right-click to get the menu and select "New->LoanBook Object->LoanBook Connection".
  2. Go to the newly created object's properties. Right-click on the object and select "Properties".
  3. On the "General" tab you must fill in the "Server IP or Name" and "Server Port Number" fields. The "User name" and "Password" fields are optional when using single sign-on.
  4. Go to the "Single Sign-On" tab.
  5. To use single sign-on you must check the "Use Single Sign-On" option. The "SSO Proxy Port" and "SSO TimeOut" fields are also required. The "Service Principal Name" (SPN) field is the SPN that the SSOProxy server is running under. It is optional ONLY if "LBSSOProxy" is registered as the default SPN for the SSOProxy server. When left blank, the SPN will be automatically generated as: LBSSOProxy/{Server Name}:{SSO Proxy Port}

 

CAS Scripting objects.
 

This sample script shows how to connect and query a LoanBook server using the new Kerberos single sign-on authentication.

 

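 ⍝ Create the connection object and point it at the LoanBook server
 LBC←LoanBookConnection.New''
 LBC.IPAddress←CharString.New'192.168.0.83'
 LBC.PortNumber←Numeric.New 1241

 ⍝ Kerberos single sign-on settings
 LBC.UseSSO←1
 LBC.SSOPort←9000
 LBC.SSOTimeOut←60        ⍝ seconds; 60 is the maximum allowed
 LBC.SPN←'domain\user'    ⍝ account the SSOProxy runs under
 LBC.Connect''

 ⍝ Query the PIPELINE table over the authenticated connection
 LBQ←LoanBookQuery.New''
 LBQ.Connection←LBC
 LBQ.Table←'PIPELINE'
 LBQ.Fields←'COMMITDATE,PRICE,EXPFUNDING,DONOTSETTLE'
 LBQ.SelStatement←''
 PipeRecs←LBQ.Execute''

 ⍝ Display the returned records
 PipeRecs.Show''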