on 11-14-2018 4:31 PM
Hi colleagues-
Interesting business issue from one of our customers.
We run a multi-tenant environment. The Launchpad is open to the world wide web to support many tenants all across the USA.
This particular tenant (identified by the first three letters of the user's login name), only wants their employees logging into Launchpad from their corporate office. They are trying to force their employees to control their work-life balance.
Business logic is:
If, when click Login, Username starts with 'ABC' and IP Address NOT IN (10.2.1.5,10.2.1.6,10.2.1.7) then prevent the user from logging in.
Is just business logic possible with login.jsp or custom.jsp?
you're right, I overlooked that. you'll need to use something like siteminder or a pre-BOE login page to get user details, then evaluate it against the rules and then either let it go thru BOE login or not.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you can write code that will pull user IP and name from a form and then compare it to values from some table that contains IP ranges and user names, then probably yes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
if customers who want to do this supply you with IP range, you don't need to collect everyone's IP's, since when anyone tries to access your network exposes the IP, you can just filter on that.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm sorry I'm not following your logic 🙂
We only want to allow that customer in if they are coming in through a certain IP range. They would provide us with the five IP's of their corporate office. They do not want that customer coming in if they are coming in from home, Starbucks, etc.
If on the firewall we only allow the 5 IP addresses, this will restrict all other 120 customers from getting in as they are all on different IP addresses.
as I can't comment on your comment, I have to post this as another answer 😞
You don't really need to know the actual user - as long as user is from correct IP range - user sees login screen, if user is not from IP range, user sees static page branded by that customer that says - we do not want you to work if you're not in our office 🙂
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I don't think it will be possible to implement at BOE level (login.jsp/custom.jsp) - this needs to be done at the proxy that controls access to the Launchpad ( I do hope you're not exposing tomcat that hosts Launchpad directly to internet).
On that proxy or router/switch you can set a rule that users not in that IP range can't access the site at all.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
96 | |
11 | |
11 | |
10 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.