RadixWare Explorer User Guide

From RadixWiki
(Redirected from RW Explorer User Guide)
Jump to: navigation, search

Revision History

Date RadixWare Version Description of Changes

23.11.2018

2.1.20.x

In the RadixWare Desktop Explorer application, added the facility to open the explorer tree branches as separate tabs located above the selector toolbar.

As such, to the Application Appearance / Explorer Tree dialog box, added the Restore opened tabs flag.

Updated sections:

In the RadixWare Desktop Explorer application, added the facility to add the explorer tree branches to bookmarks. As such:
  • To the application menu, added the Bookmarks item.
  • Added the bookmark panel under the application menu.

Updated section User Interface

In the RadixWare Web Explorer application, added the facility to execute the command displayed as first button in the cell (in particular, opening the dialog box used to view/edit object) by double-clicking left mouse button in the cell.

Updated section Selector Menu and Toolbar

Supported the facility to delete all objects from the selector in the multiple selection mode even if some objects are not loaded in the selector yet.

Updated section Selector Menu and Toolbar

Extended the description of the extDesignerMaxHeapSize parameter.

Updated section Startup and Connection Setup

To the list of supported OS, added Red Hat Enterprise Linux ES v.7.5.

Updated section Software Requirements

17.09.2018

2.1.19.x

Added the facility to hide the editor of the current object if the multiple selection mode is used. Now, the total number of the selected objects is displayed instead of the editor of the current object.

Updated section Selector Menu and Toolbar

Added the display of information on existing replacement files in the File Replacements area of the About dialog box.

Updated section About Application

Extended description of browser requirements.

Updated section Software Requirements

25.07.2018

2.1.18.х

In the RadixWare Desktop Explorer application, added the facility to hide/show the filtering parameters area and change its size. As such:
  • On the sorting and filtering panel, added the Hide Filter Parameters and Show Filter Parameters buttons.
  • It is possible to change the size of the filtering parameters area by pressing the left mouse button and moving the splitter located under the Hide Filter Parameters and Show Filter Parameters buttons.

Updated section Filtering and Sorting Options

Changed the logic of searching for an object in the selector by the specified text. Now, the search is performed starting from the previous/next row in the selector. Previously, the search was performed starting from the current row.

Updated section Searching for Object

Fixed the error due to which the list of available nodes/attributes displayed incorrectly in the XML editor. Now, the Maximum number of items in drop-down list parameter of the explorer appearance settings is used to display the available items.

Updated section XML Editor

08.06.2018 - Changed the startup command for RadixWare Desktop Explorer.

Updated section Startup and Connection Setup

28.5.2017

2.1.17.x

Added the facility to set the current date and time without using the date/time editor.

Updated section Date and Time Editor

For common and user-defined filters, supported the facility to define the additional condition when creating a parameter of the Object Reference type.

Updated section SQML Editor

Supported the facility to enable / disable the search of the available connection addresses.

Updated sections:

Supported the facility to enable / disable the default usage of the multiple selection mode.

Updated section Application Appearance Setup

26.03.2018 2.1.16.х Added the RadixWare Explorer startup parameter –appIcon.

Updated section Startup and Connection Setup

24.11.2017

2.1.14.x

Supported the facility to use the Delete hot key to delete the selector objects chosen in the multiple selection mode.

Updated section Selector Menu and Toobar

To the About dialog box, added the Product Installation Options area.

Updated section About Application

For the RadixWare Explorer and Web Presentation Server, supported the –detailed3rdPartyLogging startup parameter.

Updated section Startup and Connection Setup

Supported the RadixWare Explorer startup parameter - alternateUdfCompletionShortcut.

Updated section Startup and Connection Setup

21.09.2017

2.1.13.x

Changed the mechanism of updating RadixWare Explorer. Now, RadixWare Explorer is updated only after all instances of the application server are updated.

As such, eliminated the Server | Check for Updates menu item.
Updated sections:

To the tree-like selectors, added the column with cells enabling to insert the selected object into the explorer tree. To insert the required object, double click the left mouse button on the selected column cell. For the current object in the tree-like selector, the respective cell will be highlighted.

Updated section User Interface

Supported the facility to export objects and their properties from the selector to a XLSX file. As such, the Export Selector Content command has a context menu:
  • Export Selector Content in CSV Format
  • Export Selector Content in XLSX Format

Updated sections:

In the RadixWare Web Explorer application, added the facility to find the record in the selector. To search for the object, enter the required text and select the column in the modal dialog box invoked by:
  • Clicking the Find button on the object selector toolbar.
  • Selecting Selector | Find on the menu.
  • Using hot keys Ctrl+F.

In the RadixWare Desktop Explorer application, added the facility to invoke this dialog box by using hot keys Ctrl+F.
Updated sections:

Introduction

The document hereunder guides through:

  • the RadixWare Desktop Explorer application of the RadixWare platform
  • the RadixWare Web Explorer application of the RadixWare platform

Note.jpgThe RadixWare Desktop Explorer and RadixWare Web Explorer applications are hereafter referred to as the RadixWare Explorer application when describing their common facilities.

The document describes application facilities and methods of executing various operations.

Conventions and Abbreviations

Conventions

Convention Example Applies to
Italic Extract the starter.jar file from the repository where the software product is installed and save it on the local drive of the workstation where the application will be used. Names of the files, directories, subdirectories, websites; values of the parameters
Bold The appearance of the Connections Manager dialog box Terms introduced for the first time; names of the software products; names of the user interface elements, application units, parameters, fields, operations, tags
Bold separated by vertical bar Server | Connect... Path to the menu item, dialog box, navigation tree branch
Text afterNote.jpg Note.jpgIt is possible to change the root item when running the application in Tree Change Explorer Root. Notes
Text afterExample.jpg Example.jpgSelect ID from FOO_TABLE where TYPE=123 Examples


Abbreviations

OS Operating System
DB Database
ARTE Application Runtime Environment
EAS Explorer Access Service
MSDL Message Structured Data Language
GUID Global Unique Identifier
JML Java Markup Language
SQML Structured Query Markup Language
XML eXtensible Markup Language
XSLT eXtensible Stylesheet Language Transformations

Related Documents

# Document Name Description
1 RadixWare Server. Administrator Guide The document describes the RadixWare Server application and its startup procedure.
2 RadixWare Starter. Administrator Guide The document describes the RadixWare Starter application and its startup procedure.
3 RadixWare Web Presentation Server. Administrator Guide The document describes the RadixWare Web Presentation Server application and its startup procedure.
4 RadixWare. Programmer Guide The document describes the principal concepts, objects and functionality of the RadixWare technological platform and RadixWare Designer application used to develop applications on basis of RadixWare platform.

Overview

The main purpose of the RadixWare Explorer application is to view, modify data, and execute operations. The RadixWare Explorer application provides the standard tools for navigation, editing, creating filters, generating reports, etc.

RadixWare Explorer Key Features

  • Direct access to the database is not required. The access to the information is performed via the application server.
  • The facility to install the updates without the application restart. The updates are automatically delivered to all workstations and put into operation as soon as they are ready.
  • The facility to restrict the user access to the components with the accuracy of a separate property on the particular object or particular action on the object.
  • Support of multiple languages. It is possible to define the language of the user interface.
  • The unified format of most dialog boxes.

The RadixWare Desktop Explorer and RadixWare Web Explorer applications are parts of the RadixWare technological platform used to build the application products.

The RadixWare Desktop Explorer application represents the client part of the platform and provides the user interface.

The RadixWare Web Explorer application is used to provide access to the workplace via the Web interface. The Web browser is used as a client application. It interacts with the RadixWare Web Presentation Server application via the HTTPS (or HTTP) protocol (for details, refer to RadixWare Web Presentation Server. Administrator Guide). Working in the RadixWare Desktop Explorer and RadixWare Web Explorer applications has some differences. Hereinafter, all differences are put into the special tables. The left column contains the RadixWare Desktop Explorer distinctive features, the right one - those of RadixWare Web Explorer.

RadixWare Desktop Explorer has more menu functions. All facilities used only by this application are noted separately.

Software Requirements

Workstation Requirements for RadixWare Desktop Explorer Startup

Hardware Requirements Minimum requirements:
  • CPU - Intel Core2 Duo (and higher)
  • RAM:
    • not less than 2 GB if the RadixWare Desktop Explorer is not used for development
    • not less than 4 GB if the RadixWare Desktop Explorer is used as the developer workplace
Note.jpgThe minimum requirements for the Xmx parameter (the parameter is defined when starting the Java machine for the RadixWare Desktop Explorer. For details, refer to Startup and Connection Setup and JVM specification) depend on the OS capacity. The information provided below allows estimating the minimum requirements for Xmx:
  • for 32-bit OS: -Xmx700m
  • for 64-bit OS:
    • - 1024m - if it is not intended to develop the user functionality
    • - 2048m - if it is intended to develop the user functionality
Note.jpgThe RadixWare Desktop Explorer application can be started in the mode of low memory consumption of the workstation. For this purpose, it is required to add the respective parameters to the [Explorer] section of the configuration file used to start the application. For details, refer to Startup and Connection Setup.
  • drive sub-system - not less than 0,6 GB of free space

Note.jpgIf the workstation is used to develop the user functionality, it is recommended to use SSD instead of HDD.

Note.jpgFinally, the hardware requirements depend on the operating system taking into account the RadixWare-based software products to be used.

OS The following OS are recommended to organize the workstation:
  • MS Windows 8
  • MS Windows 10
  • Red Hat Enterprise Linux v. 6.x
  • Red Hat Enterprise Linux v. 7.1 - 7.5

Note.jpgInstall the latest versions of the system updates (Service Pack, Hot Fix).

Note.jpgFor correct operation of RadixWare Explorer on Linux OS, it may require to install the window manager for X Window System.

Platform
  • Java Runtime Environment / Java Development Kit v. 1.7.x (not lower than 1.7.80)
  • Java Runtime Environment / Java Development Kit v. 1.8.x

Note.jpgIt is recommended to use the latest Java update.

Workstation Requirements for RadixWare Web Explorer Startup

Hardware Requirements Defined by the browser requirements
Browser
  • Google Chrome
  • Mozilla Firefox
  • Apple Safari
  • Internet Explorer
  • MS Edge

Note.jpgJavaScript must be enabled in the Web browser settings.

Note.jpgIt is recommended to install the latest versions of the system updates.

Note.jpgThe display of pop-up windows must be allowed for the URL address of web interface, as these windows are used to load and view files.

Working with Application

Main title: Working with Application

User Interface

Main title: User Interface

Application Appearance Setup

The application appearance is set up in the Appearance Settings dialog box opened by selecting the Options | Appearance Settings on the menu.

Adjustment view 1.jpg

The application appearance settings are divided into the following sections:

To work in the Appearance Settings dialog box, use the following toolbar buttons:

Button Function
Adjustment view 2.jpg Previews the application appearance
View 30.jpg Restores the appearance default settings
Adjustment view 3.jpg Loads the appearance settings from a file
Adjustment view 4.jpg Saves the appearance settings to a file

To reset the appearance settings, select the Options | Reset Settings menu item.
Note.jpgParameters marked with an asterisk (*) are available in the RadixWare Desktop Explorer only.

Explorer Tree Appearance Settings

To set up the appearance of information displayed in the explorer tree, use the following pages:

  • General Page
  • *Icon size. The size of the icons displayed in the explorer tree. The value can be set within the range from 16 to 32 pixels.
  • Background color. The color of the background behind the tree.

The font and background color of any item that becomes active when navigating the explorer tree is defined by the following parameters:

  • Tree selected item font color
  • Tree selected item background color
  • Position. The explorer tree position in the application window (from left / right / top / bottom).
  • Remember current item . If the flag is set, the current context of the explorer tree is saved when closing the application. When being re-opened, the application automatically recovers the context of the previous session.
  • Save user-defined items . If the flag is set, the user-defined items of the explorer tree are saved when closing / opening the application.
  • *Restore opened tabs. If the flag is set, all tabs opened before disconnection will be saved. By default, the flag is not set.
  • Paragraph Page

The paragraph appearance settings include:

  • *Font. The paragraph header font.
  • Background color. The paragraph header background color.
  • Foreground color. The paragraph header foreground color.
  • Show icons . If the flag is set, the paragraph icons are displayed in the explorer tree.
  • Selector Page

The page is used to set up the paragraph items appearance. The set of parameters is similar to that of the Paragraph page (see above).

  • Editor Page

The page is used to set up the appearance of the items inserted into the tree. The set of parameters is similar to that of the Paragraph page and, additionally, includes the Open editor after inserting object into tree flag. If the flag is set, the editor area opens automatically after the user-defined item is inserted into the tree.

  • User-Defined Item Page

The page is used to set up the user-defined items appearance. The set of parameters is similar to that of the Paragraph page.

Editor Appearance Settings

To set up the appearance of information displayed in the editor, use the following pages:

  • General Page
  • *Icon size in toolbars. The size of icons on the editor toolbar. The value can be set within the range from 16 to 32 pixels.
  • *Icon size in tabs. The size of icons on the editor pages. The value can be set within the range from 16 to 32 pixels.
  • *Font in tabs. The font of page headers in the editor.
  • Maximum number of items in drop-down list. The maximum number of items shown in the drop-down list of available values of the object property. For details, refer to Data Entry Fields.
  • Field name alignment. The alignment of field names in the editor. Available values: Left, Right. The default value is Left.
  • Remember current tab. If the flag is set, the last active page is recovered when opening the editor. If the flag is not set, the first available page of the editor will be the current one when opening the editor. By default, the flag is not set.
  • Warn about undefined value for mandatory property when closing editor. If the flag is set, the user will be warned that the values of mandatory parameters are not defined. By default, the flag is set.
  • Properties Page

The display attributes for the fields of a certain type (read-only / mandatory / other fields):

  • Name. The font and color of field names.
  • Value. The font and background of field values, the text color depending on the value type (own / inherited / overridden / not defined).

Selector Appearance Settings

To set up the appearance of information displayed in the selector, use the following pages:

  • General Page
  • *Icon size in selector toolbars. The size of icons on the selector toolbar. The value can be set within the range from 16 to 32 pixels.
  • Remember current filter. If the flag is set, the defined filtering parameters are saved when navigating the tree.
  • *Header font in selector. The font of page / table headers in the selector.
  • Header alignment. The selector headers alignment settings. Available values:
  • Center
  • Left
  • Right
Current cell frame color
Current row frame color
  • *Selected object background color. The background color of the object selected in the multiple selection mode.
  • Enable multiple selection mode by default. If the flag is set, the multiple selection mode is always enabled. The flag is not set, by default.
  • Alternative Background Color. The color used to highlight even rows in the selector table.
  • Styles Page

The styles used to display the fields of a certain type (read-only / mandatory / other fields) in different states (the state can be selected from the pre-defined list; for example, Normal, Favorite, Unimportant, etc). The style includes the font, background color and font color settings for a certain type of field. The Preview area allows previewing the style after formatting.

  • Alignment Page

To align the values of different types in the selector fields, use the following parameters:

  • Integer
  • Character
  • Real number
  • Date/time
  • String
  • Binary
  • CLOB
  • BLOB
  • Parent reference

Available values for each parameter:

  • Left
  • Center
  • Right
  • Default. The default alignment variant defined in the system for a certain data type.

Source Code Display Settings

The settings are available in the RadixWare Desktop Explorer.

To set up the appearance of information displayed in the JML and SQML selectors, use the following pages:

  • Source Code Options for JML. The font, background color and text color for each JML element selected from the pre-defined list. For each JML element in the list, it is possible to apply the Default element settings by setting the Default flag.

Adjustment view 5.jpg

The Preview area allows previewing the result after formatting.

  • Source Code Options for SQML. The set of parameters is similar to those on the Source Code Options for JML page (see above).

Note.jpgTo define / change the text / background color settings of the RadixWare Desktop Explorer elements, use the Select Color dialog box (see below). To define / change the font settings, use the Select Font dialog box (see below).

Number and Date/Time Settings

To set up the format of displaying the data of Numeric and Date and Time type, use the following parameters:

  • The Number Format area contains the following parameters:
  • Thousands separator. The character used as a thousands separator in the number integer part. Available values:
  • ,
  • .
  • Space
  • '
  • `
  • None
  • Decimal separator. The character used as a decimal separator. Available values:
  • ,
  • .
  • Example
Note.jpgThe values of parameters in the Date Format and Time Format areas can be entered from the keyboard or selected from the list of available values by clicking the Show predefined values button.

The example of format is displayed next to the parameter value.

  • The Date Format area contains the following parameters:
  • Short. Available values:
  • dd.MM.yy
  • d/MM/yy
  • dd/MM/yy
  • d/M/yy
  • dd/MM/yyyy
  • M/d/yy
  • yyyy/MM/dd
  • Medium. Available values:
  • dd.MM.yyyy
  • dd/MM/yyyy
  • d-MMM-yyyy
  • d MMM, yyyy
  • dd-MMM-yyyy
  • dd MMM yyyy
  • d/MM/yyyy
  • MM d, yy
  • MMM d, yyyy
  • Default. Available values:
  • dd.MM.yyyy
  • dd/MM/yyyy
  • d-MMM-yyyy
  • d MMM, yyyy
  • dd-MMM-yyyy
  • dd MMM yyyy
  • dd MMM yyyy
  • d/MM/yyyy
  • MM d, yy
  • MMM d, yyyy
  • Long. Available values:
  • d MMMM yyyy
  • d MMMM yyyy
  • MMMM d, yyyy
  • d MMMM, yyyy
  • dd MMMM yyyy
  • Full. Available values:
  • d MMMM yyyy
  • dddd, d MMMM yyyy
  • dddd, MMMM d, yyyy
  • dddd, d MMMM, yyyy
  • dd MMMM yyyy
  • dddd dd MMMM yyyy

When putting the cursor over the parameters, the following pop-up hint is displayed:

Date example.jpg

  • The Time Format area contains the following parameters:
  • Short. Available values:
  • H:mm
  • h:mm AP
  • HH:mm
  • Medium. Available values:
  • H:mm:ss
  • h:mm:ss AP
  • HH:mm:ss
  • Default. Available values:
  • H:mm:ss
  • h:mm:ss AP
  • HH:mm:ss
  • Long. Available values:
  • H:mm:ss T
  • h:mm:ss AP
  • h:mm:ss T AP
  • h:mm:ss AP T
  • HH:mm:ss T
  • Full. Available values:
  • H:mm:ss T
  • h:mm:ss AP T
  • h:mm:ss 'oclock' AP T
  • HH:mm:ss 'oclock' T
  • HH:mm:ss T
  • h:mm:ss AP

When putting the cursor over the parameters, the following pop-up hint is displayed:

Time example.jpg

To reset all settings of the format of number and date/time, click the Restore default formats button.

Note.jpgThese settings are not used for parameters if their format is defined not by means of Input mask editor, but manually in the RadixWare Designer application (i.e. the display format does not depend on the user locale).


Appearance Settings

The settings are available in the RadixWare Desktop Explorer and are used to set up the style of graphic elements displayed in the application window: buttons, pages, radio buttons, data entry fields, navigation tree. The application supports the following styles: Windows, Windows XP, Windows Vista, Motif, CDE, Plastique, Cleanlooks. The Preview area allows previewing the result after the style is changed.


Font Settings

The settings are available in the RadixWare Desktop Explorer. The Select Font dialog box is used to select the text font for different application elements, for example, the selector headers font, etc. The dialog box is in the context of the Appearance Settings dialog box opened by selecting the Options menu item.

The Select Font dialog box looks as follows:

choice_front_1.jpg

The font settings include:

  • Font. The font type that is selected from the list.
  • Font style:
    • Normal
    • Italic
    • Bold
    • Bold Italic
  • Size. The font size in points (1 point = 0.375 mm).
  • Effects. Define the value by setting one of the following flags:
    • Strikeout – strikeout text
    • Underline – underlined text
  • Writing System. The type of writing system (Latin, Greek, Cyrillic, etc).


The right bottom part of the dialog box displays the Sample area used to preview the result of the font settings formatting.

Color Settings

The settings are available in the RadixWare Desktop Explorer.

The Select Color dialog box is used to select the color of separate components, for example, text, background, etc. The dialog box is in the context of the Appearance Settings dialog box opened by selecting the Options menu item.

The Select Color dialog box in the RadixWare Desktop Explorer looks as follows:

Select colors.jpg

The dialog box displays the current color of the component. The color can be changed by means of the following:

  • standard color palette (Basic colors). To define / change the color, click the button of the required color.
  • floating palette. If the required color is absent in the standard palette, it can be defined by means of the floating palette. In the palette, select the color:
    • by moving the slider (clicking on the required color hue).
    • by matching using the color scale. The color scale displays the hues of the current color selected in the standard or floating palette. Define the hue by clicking on the required point of the color scale or moving the slider along the scale.
    • by describing the color model. The color model allows selecting the required color by using the palettes combination by red, green and blue colors as well as by hue, saturation and brightness. The values are entered into the respective fields.

The application provides the facility to create a catalog of frequently used colors (the Custom colors area). For this purpose, select the color by using one of the above-listed ways (the selected color will be displayed in the current color area) and click the Add to Custom Colors button. The selected color will appear in the catalog.

The Select Color dialog box in the RadixWare Web Explorer looks as follows:

Select colors web.jpg

The dialog box contains the floating palette used to change the value of the current color of a component. Select the color in the palette:

  • by moving the slider (clicking on the required color hue).
  • by matching colors on the color scale. The color scale displays the hues of the current color selected in the floating palette. Define the hue by clicking on the required point of the color scale or moving the slider along the scale.

Appendixes

Appendix A. JML and SQML Tags

The tag can encapsulate various data. Depending on the type, data and context, each tag is translated to this or that code. The tag is visualized the same way. Visually, the tag is the solid text (that can not be edited) highlighted by a certain color.

The tags are used to describe the SQL (PL/SQL) and Java expressions:

  • SQL with tags is called SQML (Structured Query Markup Language)
  • Java code with tags is called JML (Java Markup Language)

Let’s suppose that it is required to insert the integer constant to the SQML body. It is simply possible to write its value, but in this case, the code will be hard to understand:

Example.jpgSelect ID from FOO_TABLE where TYPE=123

It is possible to add comments to the code:

Example.jpgSelect ID from FOO_TABLE where TYPE=123 /*TranType::Revert*/

the constant value can be present as a tag:

Example.jpgSelect ID from FOO_TABLE where TYPE=FooType::Main

This brings the following additional facilities:

  • When pointing the tag with mouse cursor, the additional information displays (for example, constant value, where it is declared).
  • Integrity. If the tag is changed or renamed, the integrity is not violated.

When executing this code, the translator will automatically substitute the correct value. The tag contains enough information to find the constant.

The table or column reference can be also present as tag:

Example.jpgSelect id from FooTable where type=FooType::Main

In this case integrity will not not violated when the table or column are renamed.

Object Identifiers All RadixWare program objects that can be referred to has the identifier and called definition. The identifier is generated when creating an object depending on the current time, MAC address of network card pseudorandom data. Thus ensuring its global uniqueness (GUID - Globally Unique Identifier).

Example.jpgExample of identifier: mthH123DMPGER4HSMLDMS4UDIJGS45M

The RadixWare program codes refer to definitions. To refer to definition from the code, the tag is used. The definition location can be known from its identifier that is stored in tag.

In RadixWare, the definitions are presented by classes, particularly its methods and properties. All the references to them must be inserted as tags.

Appendix B. User Authentication Setup

This section contains the instructions on how to set up the various methods of user authentication:

  • User Authentication by Kerberos Protocol in RadixWare Desktop Explorer
  • User Authentication by Certificate in RadixWare Web Explorer
  • User Authentication by Kerberos Protocol in RadixWare Web Explorer

User Authentication in RadixWare Desktop Explorer

User Authentication by Kerberos Protocol

Follow the steps to set up the user authentication by Kerberos protocol:

  1. Set up the authentication server
  2. Set up the Kerberos configuration file
  3. Set up the applications server (RadixWare Server)
  4. Set up the user account
  5. Set up the server connection that will be used for authentication
  6. Set up the workstation where the RadixWare Explorer will run

Authentication Server Setup

Perform the following actions on the authentication server:

  • Register the EAS service account:
    • for Linux OS: if MIT Kerberos is used, run the following command to create the account:

sudo kadmin.local -q "addprinc -randkey <EAS Principal Name>@<KERBEROS REALM NAME>"

    • for Windows OS: create the EAS service account in Active Directory (for details, refer to [1]) and register the service by running the following command:

setspn -A <EAS Principal Name>@<KERBEROS REALM NAME> <service account name>

  • Create the keytab-file that will store the access keys of the EAS service account:
    • for Linux OS: if MIT Kerberos is used, run the following command to create the keytab-file:

sudo kadmin.local -q "ktadd -k <path to file> -e <encryption type>"

    • for Windows OS: use ktpass tool (included in the Windows Support Tools) to create keytab-file. For this purpose, run the following command:

ktpass -out <path to file> -princ <EAS Principal Name>/<WEB SERVER HOST NAME>@<KERBEROS REALM NAME> -mapUser <service account name> -kvno 0 -pass <service account password> -ptype KRB5_NT_PRINCIPAL The created keytab-file must be stored on the workstation where the RadixWare Server is running.


Kerberos Configuration File

The Kerberos common settings are stored in the configuration file whose location is defined as follows (in order of descending priority):

  • Path that is defined in the Java java.security.krb5.conf system property
  • The file krb5.conf in the /lib/security subdirectory of the jvm working directory
  • In the OS directories:
    • for Windows OS:
      • the file krb5.ini in Windows root directory
      • the file krb5.ini in the system subdirectory of the Windows root directory
      • the file c:\winnt\krb5.ini
    • for other OS: the file krb5.conf in the /etc subdirectory

For details on how to set up the kerberos configuration file, go to [2] and [3].

RadixWare Server Setup

The application server can be set up in RadixWare application via GUI. For this purpose:

  • On the EAS page of the own system editor, in the Kerberos service principal name parameter, specify the name under which EAS service is registered on the authentication server.
  • On the General page of the instance editor, in the Kerberos keys file (keytab file) parameter, specify the path to keytab-file. By default, the keytab-file location is defined in the default_keytab_name parameter of the libdefaults section of the Kerberos configuration file. If this parameter is absent in the configuration file, the parameter will be searched for in the file krb5.keytab that is located in the user home directory.
  • On the General page of the unit access point editor (unit implementing the EAS service), select the Enabled value in the Kerberos Authentication parameter.

User Account Setup

The user account with the kerberos authentication must comply with the following requirements (the account is created and set up in RadixWare application via GUI for additing Users):

  • the name of the system user account must the same as the name of the user account on the authentication server.
  • the Kerberos authentication must be enabled in the user account settings.


Server Connection Setup

To set up the connection, use the connection manager in the RadixWare Desktop Explorer. Perform the following actions on the Security page of the Connection Options dialog box:

  • Set the Authentication type parameter to Kerberos.
  • In the EAS principal name parameter, specify the name under which the EAS service is registered on the authentication server. The parameter value must be the same as Kerberos service principal name set in the system settings.


Workstation Setup

If the length of key used on the authentication server exceeds 128 bits, it can be necessary to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 to the workstation (depending on the encryption algorithm).

To use the user authentication data obtained when logging in to Windows OS to establish connection, specify 1 in the registry parameter HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters\allowtgtsessionkey (for Windows Xp - SP2 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\allowtgtsessionkey).

Note.jpgThe domain user must not be included in the group of local administrators or User Access Control must be disabled.

User Authentication in RadixWare Web Explorer

User Authentication by Certificate

When a user is authenticated by certificate in web interface, RadixWare Web Presentation Server transfers the user certificate in the EAS session creation request to the application server. The application server (RadixWare Server) validates the certificate and creates the response that is signed by the user certificate in the browser. The signature is verified by the application server; if the signature verification is successful, EAS session opens and the user logs in to the system.

If the browser does not support the facility to sign message by user certificate (or an error occurred in the course of this operation), the user is prompted to enter the account password.

The following browsers support the certificate authentication: Mozilla Firefox, Internet Explorer.

To use the authentication by certificate, perform the following settings:

  • In the configuration file containing the RadixWare Web Presentation Server startup parameters, define the values of the following parameters: keyStoreFile (path to the certificate storage), keyStorePwd (password to the certificates storage).
  • In the settings of EAS unit access point:
    • specify TLS in the Security protocol parameter
    • select the Required or Enabled in the Client certificates check parameter
  • For the user account, enable the authentication by certificate (to set up the account, go to RadixWare | Administration | Users).
  • Set up Apache Tomcat for using SSL protocol (for details, refer to Apache Tomcat documentation).
  • In the file describing the connections between web server and RadixWare Server, set the UseSslAuth parameter (tag <SSLOptions>) to true.

For details on RadixWare Web Presentation Server settings, refer to RadixWare Web Presentation Server. Administrator Guide.

  • Set up the browser for using the certificate authentication.


Mozilla Firefox Setup

To sign the message by the user certificate in the Mozilla Firefox browser, set the This certificate can identify mail users flag in the settings of certificate used to sing the user certificate (for details, refer to Mozilla Firefox documentation). When creating a signature, the following dialog box will be displayed:

Firefox sign.jpg


Internet Explorer Setup

To use the authentication by certificate in the Internet Explorer browser, install CAPICOM. To sign the message by the user certificate in the Internet Explorer, in the browser settings (Tools menu item | Internet Options | Security page), add the address of web interface to the list of trusted nodes (Trusted Sites zone) or in the security settings of the current zone, select Enable in the Allow previously unused ActiveX controls to run without prompt parameter:

Web cert ie1.jpg

When creating a signature, the user is prompted to confirm the access to the certificates and the operation of digital signature creation. To set up the automatic confirmation, in the security settings of the current zone, specify the Enable in the Initialize and script ActiveX controls not marked as safe for scripting parameter:

Web cert ie2.jpg

For details on the Internet Explorer security settings, refer to the respective documentation.

User Authentication by Kerberos Protocol

Follow the steps to set up the user authentication by Kerberos protocol:

setspn -A HTTP/<WEB SERVER DOMAIN NAME>@<KERBEROS REALM NAME> <service account name>.te file by running the following command: ktpass -out <path to file> -princ HTTP/<WEB SERVER DOMAIN NAME>@<KERBEROS REALM NAME> -mapUser <service account name> -kvno 0 -pass <service account password> -ptype KRB5_NT_PRINCIPAL.

    • for Linux OS: if MIT Kerberos is used, run the following commands to create the account and keytab file:

sudo kadmin.local -q "addprinc -randkey HTTP/<WEB SERVER DOMAIN NAME>@<KERBEROS REALM NAME>" sudo kadmin.local -q "ktadd -k <path to file> -e <encryption type>"

Note.jpgThe value of <WEB SERVER DOMAIN NAME> must match the address used to access the web interface.

Note.jpgThe created keytab file must be stored on web server.

  • In the section [WebPresentationServer] of configuration file containing the RadixWare Web Presentation Server startup parameters, specify the following:
    • in the krbAuthPolicy parameter, select the enabled or required
    • in the keyTabFile parameter, specify the full path to keytab file
    • in the wpsSpn parameter, specify the name of Web service account on the authentication server
  • In the file describing the connection between web server and RadixWare Server, specify the name of EAS service account on the authentication server (the Spn attribute of the <KerberosOptions> tag).

The further actions depend on the selected method of user authentication in RadixWare Web Explorer. It is possible to set up [automatic authentication-auth_web_kerberos_child.htm] or enable transferring of user account authentication data to RadixWare Web Presentation Server. To set up the second method, in the configuration file of RadixWare Web Presentation Server, select basic or radix in the remoteKrbAuth parameter. In this case, when establishing connection in the browser, the user is prompted to enter the name and password of the user account on the authentication server.

Note.jpgFor the security purposes, it is recommended to disable the transfer of account authentication data to RadixWare Web Presentation Server. This facility can be used only for the system debug.


Automatic Authentication Setup

When using Kerberos authentication, the password entry is not required to establish connection if the user has already passed authentication on a Kerberos server and the authentication data (user account login and password) are accessible. To enable this facility, the SPNEGO mechanism is used (Negotiate authentication), this mechanism allows to authenticate the system user on the web server (RadixWare Web Presentation Server). To establish the connection successfully, the user must be also authenticated on the applications server (RadixWare Server). There two ways to set up the user automatic authentication on applications server:

  • Without user rights delegation to web server-auth_web_kerberos_child.htm]. If this method is used, the applications server is authenticated on behalf of web server.

Note.jpgThis authentication method is a recommended one as it meets the security requirements.

  • With user rights delegation to web server-auth_web_kerberos_child.htm]. If this method is used, web server is authenticated on behalf of user.

It is also necessary to [set up browser-auth_web_kerberos_child.htm] where the RadixWare Web Explorer will run.

Note.jpgIt is possible to configure the system so that RadixWare Web Presentation Server passes the authentication on applications server using the Kerberos protocol and the user is authenticated by the certificate. To use this method:

    • in the section [WebPresentationServer] of configuration file (containing the RadixWare Web Presentation Server startup parameters), specify the fallbackToCertificateAuth parameter
    • set up [authentication by certificate-auth_web_cert.htm]; in the file describing connection between web server and RadixWare Server, set the UseSslAuth parameter (tag <SSLOptions>) to false.

How to set up authentication without delegation of rights to web server To set up such authentication method, write the keys of all used web servers to the keytab file of applications server (path to this file is specified in the Kerberos keys file (keytab file) parameter of the system instance settings):

  • For Windows OS: use the ktpass tool (included in the Windows Support Tools) to write the web server key to the existing keytab file. Run the following command:

ktpass -in <path to eas keytab file> -out <path to eas keytab file> -princ HTTP/<WEB SERVER HOST NAME>@<KERBEROS REALM NAME> -mapUser <service account name> -kvno 0 -pass <service account password> -ptype KRB5_NT_PRINCIPAL

Note.jpgThe value of the kvno parameter must be the same as the one specified when creating the keytab file for web server.

  • For Linux OS: use the ktutil tool to write the content of keytab file to another file. Run the following command:

$ ktutil ktutil: rkt <path to source keytab file> ktutil: wkt <path to destination keytab file> ktutil: q

How to set up authentication using delegation of rights to web server To permit the web server to authenticate on behalf of user, in the configuration file (containing the RadixWare Web Presentation Server startup parameters), specify the useDelegatedCredentials parameter and set up the authentication server. To set up the authentication server in Windows OS, perform the following actions in the Active Directory:

  • in the web server account settings, on the Delegation page, enable the Trust this user for delegation to any service (Kerberos only) option:

Web kerb sa1.jpg

  • in the account settings, on the Account page, disable the Account is sensitive and cannot be delegated flag:

Web kerb sa2.jpg

If MIT Kerberos is used in Linux OS, make sure that the forwardable is set to true (libdefaults section) in the Kerberos configuration file when registering user.

Setup of browser where RadixWare Web Explorer will run Mozilla Firefox Setup To use the authentication by Kerberos protocol in the Mozilla Firefox browser, go to the configuration parameters editing page (the page address - about:config) and in the network.negotiate-auth.trusted-uris configuration parameter, specify the address to access the web interface. To use the delegation of rights, in the network.negotiate-auth.delegation-uris parameter, specify the address to access the web interface. For details, refer to Mozilla Firefox.

Google Chrome Setup To use the authentication by Kerberos protocol in the Google Chrome browser, specify the application startup parameter: --auth-server-whitelist="<address to access web interface>". To use the delegation of rights, specify the application startup parameter: --auth-negotiate-delegate-whitelist="<address to access web interface>". For details, refer to Google Chrome documentation.

Microsoft Internet Explorer Setup To use the authentication by Kerberos protocol in the Internet Explorer browser, perform the following settings in the browser settings (Tools | Internet Options menu item):

  • On the Security page, add the address to access web interface to Local intranet zone and select the Automatic logon only in Intranet zone in the Logon parameter (the security settings of Local intranet):

Web kerb ie1.jpg

  • On the Advanced page, set the Enable Integrated Windows Authentication flag:

Web kerb ie2.jpg

For details, refer to Internet Explorer documentation.