Configure AD integration for SDLP 15.x and greater

Symantec changed the process for completing the Single Sign-On / AD integration in SDLP 15.0. Please read the Symantec DLP Upgrade Guide prior to upgrading DLP.

Refer to:

INSIGHT Admin guide - Page 25 - SECTION 9.4.1 BASIC CONFIGURATION: https://support.insightdlp.com/hc/en-us/articles/207232188-INSIGHT-DLP-Admin-Guide


Symantec DLP Admin guide - Page 111 - About authenticating users:
https://support.symantec.com/en_US/article.DOC9261.html

https://support.symantec.com/en_US/article.TECH248556.html

=======================================================================

***Prior to starting, please read the Symantec DLP Admin guide:
Symantec DLP Admin guide - Page 111 - About authenticating users:
https://support.symantec.com/en_US/article.DOC9261.html

***Prior to starting, please obtain all AD server information from the AD server team:

a. The FQDN and IP address of every AD server, all in the same time zone as the Enforce server
b. The default realm(s)

=======================================================================

1. Log into the Appliance web UI > Device List > Enforce server, then scroll down to "Kerberos Configuration". Enter the FQDN of every AD server, one per line, and click "Update Kerberos Configuration".

Example before / after: (screenshots of the Kerberos Configuration field are not reproduced in this text)

2. SSH to the Enforce server as appuser after upgrading to DLP 15.0 MP1

3. Switch to the protect user:

sudo su - protect

4. Back up the old springSecurityContext.xml file.

SDLP 15.0 and older:

mv /opt/SymantecDLP/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml /opt/SymantecDLP/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml.BAK

SDLP 15.1:

mv /opt/Symantec/DataLossPrevention/Enforce\ Server/15.1/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml /opt/Symantec/DataLossPrevention/Enforce\ Server/15.1/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml.BAK

SDLP 15.5:

mv /opt/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml /opt/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml.BAK

5. Copy the sample springSecurityContext-Kerberos.xml into the working directory (the destination path must be the same WEB-INF directory used in step 4):

SDLP 15.0 and older:

cp /opt/SymantecDLP/Protect/tomcat/webapps/ProtectManager/security/template/springSecurityContext-Kerberos.xml /opt/SymantecDLP/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml

SDLP 15.1:

cp /opt/Symantec/DataLossPrevention/Enforce\ Server/15.1/Protect/tomcat/webapps/ProtectManager/security/template/springSecurityContext-Kerberos.xml /opt/Symantec/DataLossPrevention/Enforce\ Server/15.1/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml

SDLP 15.5:

cp /opt/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/security/template/springSecurityContext-Kerberos.xml /opt/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml

6. Change to the WEB-INF directory that now holds the new springSecurityContext.xml:

SDLP 15.0 and older:

cd /opt/SymantecDLP/Protect/tomcat/webapps/ProtectManager/WEB-INF/

SDLP 15.1:

cd /opt/Symantec/DataLossPrevention/Enforce\ Server/15.1/Protect/tomcat/webapps/ProtectManager/WEB-INF/

SDLP 15.5:

cd /opt/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/

7. Edit the file as follows:

vi springSecurityContext.xml

Active Directory: To enable Active Directory authentication, replace the value of krbConfLocation with the path to your krb5.conf file (krb5.ini on Windows).

example:
<property name="krbConfLocation" value="/etc/krb5.conf"/>

8. Verify, and if necessary set, the ownership and permissions of springSecurityContext.xml:

chown protect:protect springSecurityContext.xml

chmod 750 springSecurityContext.xml

9. Restart the VontuManager service (the service name depends on the version):

SDLP 15.0 and older:

/etc/init.d/VontuManager restart

or, as appuser:

sudo service VontuManager restart

SDLP 15.1:

As appuser:

sudo service SymantecDLPManager restart

SDLP 15.5:

As appuser:

sudo service SymantecDLPManagerService restart
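Steps 4 to 8 above, collected into one re-runnable shell function added here as an example (not part of the original article or of the Symantec product). It takes the version-specific WEB-INF and template directories as arguments, refuses to proceed when the template or krb5.conf is missing, and keeps earlier backups instead of overwriting a single .BAK file; it assumes the template contains a single krbConfLocation property and only applies chown when a "protect" account exists on the host.

```shell
#!/bin/sh
# Added example: apply steps 4-8 of the procedure in one function.
#   $1  WEB-INF directory of ProtectManager (version-specific, see steps 4-6)
#   $2  directory holding springSecurityContext-Kerberos.xml (security/template)
#   $3  path to the krb5.conf the Enforce server should use
# Assumptions: one krbConfLocation <property> in the template; the krb5.conf
# path contains no '|' or '&' characters; "protect" may not exist on test hosts.
enable_kerberos_context() {
    webinf="$1"; tmpl_dir="$2"; krb5="$3"
    target="$webinf/springSecurityContext.xml"
    template="$tmpl_dir/springSecurityContext-Kerberos.xml"

    [ -f "$template" ] || { echo "template not found: $template" >&2; return 1; }
    [ -f "$krb5" ] || { echo "krb5.conf not found: $krb5" >&2; return 1; }

    # Step 4: back up the current context file. A timestamp keeps earlier
    # backups intact instead of overwriting one .BAK as a plain mv would.
    if [ -f "$target" ]; then
        mv "$target" "$target.BAK.$(date +%Y%m%d%H%M%S)"
    fi

    # Step 5: copy the Kerberos template into place.
    cp "$template" "$target"

    # Step 7: point krbConfLocation at the krb5.conf path. Written to a temp
    # file and moved so it works with both GNU and BSD sed.
    sed "s|\(<property name=\"krbConfLocation\" value=\"\)[^\"]*\(\"\)|\1$krb5\2|" \
        "$target" > "$target.tmp" && mv "$target.tmp" "$target"

    # Step 8: ownership (only when the protect account exists) and permissions.
    if id protect >/dev/null 2>&1; then chown protect:protect "$target"; fi
    chmod 750 "$target"

    # Verify the edit actually landed before reporting success.
    grep -q "name=\"krbConfLocation\" value=\"$krb5\"" "$target"
}

# Returns the krbConfLocation value currently set in a springSecurityContext.xml,
# useful for a post-change check before restarting the manager service.
current_krb_conf_location() {
    sed -n 's|.*name="krbConfLocation" value="\([^"]*\)".*|\1|p' "$1"
}
```

Run it as the protect user on the Enforce server, then restart the manager service as in step 9.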
