Articles in this section

Related articles

6.7 Authentication in i2b2

Avatar
Peter Rice
  • Updated
Follow

6.7 Authentication in i2b2

Currently there are three methods of authentication supported by the i2b2.

  1. Standard i2b2 Authentication
  • In this method the i2b2 users are setup in the i2b2 Admin and are stored in the PM Cell.
  • The users are authenticated using the PM services.
  • Users log into the i2b2 using their i2b2 user id and password.
  • Other than setting up your users and projects, this method does not require any additional configuration.
  1. Active Directory (AD) Services
  • In this method i2b2 users are authenticated using a domain controller in a Windows type of network.
  • Users log into the i2b2 using their Windows network id and password.
  • Additional parameters are required in order to use this authentication method. See the section titled Active Directory Authentication for steps on setting up this method.
  1. Lightweight Directory Access Protocol (LDAP)
  • In this method i2b2 users are authenticated over an Internet Protocol (IP) network.
  • Users log into the i2b2 using the same id and password they currently use to log into other applications in your network.
  • Additional parameters are required in order to use this authentication method. See the section titled LDAP Authentication for steps on setting up this method.

Depending on which authentication method you want to use you can proceed to one of the following sections:

  • Active Directory Authentication
  • LDAP Authentication

6.7.1 Active Directory Authentication

There are a few parameters that need to be defined in the i2b2 Admin if you want to use Active Directory services as your i2b2 authentication method. The required parameters are listed in the following table.

 

Parameter Name

Values

Required

authentication_method

NTLM

Yes

domain

Example: i2b2.org

Yes

domain_controller

Example: pdc.i2b2.org

Yes


In the i2b2 there are different types of parameters that can be defined.

 

Individual users login using Active Directory services

  • In this scenario not all users are affected.
    • Only those users who have the parameters defined with be required to use their domain (network) id and password to log into i2b2 Web Client, Workbench and Admin (if they have access).
    • Users who do not have the parameters defined will login using the standard i2b2 authentication method.
  • Type of Parameter: User parameter
    • The parameters are defined on the user level.
    • User parameters only affect the user in which they are entered on.

 

Note

For those who are not familiar with the i2b2 Admin, here is a quick note on how to navigate around the pages.

For the most part, the i2b2 Admin is comprised of two panels.

The panel on the left is the Navigation panel and contains a number of items that are displayed in a hierarchical tree. These items are grouped together based on their function. (Manage Hive, Manage Cells, Manage Projects, Manage Users)

The information that displays in the panel on the right is driven by whatever item is selected in the Navigation panel. If you click on Manage Users the Manage Users page will display on the right. If you click on a user name in the Navigation panel the Edit User page will display.

 

Steps to Setup Active Directory Parameters


Assumption: The following steps assume you are already logged into the i2b2 Administration Module. If you do not know how to login please see the chapter titled i2b2 Administration Module Install.

 

Warning

The below steps are written for adding a user parameter. If you wish to add a hive parameter you can interchange the first three steps with the following two steps:

  1. In the Navigation panel, expand Manage Hive to display a list of items.
  2. Click on Global Params.

At this point the steps for adding a parameter are the same so can continue entering you parameters by jumping to the 4th step.

 

  1. In the Navigation panel, expand Manage Users to display a list of users.
    ADMIN_navPanel_users.png
  2. Expand the name of the user you want to configure for Active Directory Authentication.
  3. Click on the Params option that displays under the user's name.
  4. The Parameters List page will display on the right side of the window pane.
    ADMIN_usersParamList_1.png
  5. Click on Add New Parameter. The Enter Parameter page will display.
    ADMIN_parameter_addNew.png
  6. Enter the following parameter to define the method of authentication.

Parameter Name: authentication_method

Parameter Value: NTLM

Parameter Data Type: Text

  1. Click on Save to save the new parameter.
  2. The Parameters List page will display with the new parameter.
Note
The Navigation panel will not automatically refresh to display the new parameter. If you wish to update the list in the Navigation panel you can click on Params and it will refresh the hierarchical tree.
  1. In the Parameters List page click on Add New Parameter to enter another parameter.
  2. Enter the following parameter for the PDC domain of your company's NT domain.

Parameter Name: domain

Parameter Value: YOUR_PDC_DOMAIN

Parameter Data Type: Text

  1. Click on Save to save the new parameter.
  2. In the Parameters List page click on Add New Parameter to enter another parameter.
  3. Enter the following parameter for the connection URL of your company's NT domain.

Parameter Name: domain_controller

Parameter Value: YOUR_NT_IP/HOST_DOMAIN

Parameter Data Type: Text

  1. Click on Save to save the new parameter.
  2. The Parameters List page will display all the new parameters you have entered.
  3. In the Navigation panel click on Params to refresh the hierarchical tree and display the new parameters.

6.7.2 LDAP Authentication

There are a number of parameters that need to be defined in the i2b2 Admin if you want to use LDAP services as your i2b2 authentication method. These parameters are listed in the following table.

 

Parameter Name

Values

Required

authentication_method

LDAP

Yes

connection_url

Example: ldap://ldap.server.company.com:389

Yes

search_base

Example: OU=People, DC=company, DC=com

Yes

distinguished_name

"cuser", "dn:", "uid="

Yes

security_authentication

"none", "simple", "DIGEST-MD5", "CRAM-MD5", "EXTERNAL"

Yes

ssl

"true"

No

security_layer

"auth-conf", "auth-int", "auth-conf,auth-int", "auth-int,auth-conf"

No

privacy_strength

"high", "medium", "low", "high,medium", "high,low", "medium,low"

No

max_buffer

"65536"

No
       



In the i2b2 there are different types of parameters that can be defined.

 

Individual users login using LDAP authentication

  • In this scenario not all users are affected.
    • Only those users who have the parameters defined with be required to use their network id and password to log into i2b2 Web Client, Workbench and Admin (if they have access).
    • Users who do not have the parameters defined will login using the standard i2b2 authentication method.
  • Type of Parameter: User parameter
    • The parameters are defined on the user level.
    • User parameters only affect the user in which they are entered on.

 

Note

For those who are not familiar with the i2b2 Admin, here is a quick note on how to navigate around the pages.

For the most part, the i2b2 Admin is comprised of two panels.

The panel on the left is the Navigation panel and contains a number of items that are displayed in a hierarchical tree. These items are grouped together based on their function. (Manage Hive, Manage Cells, Manage Projects, Manage Users)

The information that displays in the panel on the right is driven by whatever item is selected in the Navigation panel. If you click on Manage Users the Manage Users page will display on the right. If you click on a user name in the Navigation panel the Edit User page will display.

 

Steps to Setup LDAP Parameters

Assumption: The following steps assume you are already logged into the i2b2 Administration Module. If you do not know how to login please see the chapter titled i2b2 Administration Module Install.

Warning

The below steps are written for adding a user parameter. If you wish to add a hive parameter you can interchange the first three steps with the following two steps:

  1. In the Navigation panel, expand Manage Hive to display a list of items.
    2. Click on Global Params.

At this point the steps for adding a parameter are the same so can continue entering you parameters by jumping to the 4th step.

 

  1. In the Navigation panel, expand Manage Users to display a list of users.
    ADMIN_navPanel_users.png
  2. Expand the name of the user you want to configure for LDAP Authentication.
  3. Click on the Params option that displays under the user's name.
  4. The Parameters List page will display on the right side of the window pane.
    ADMIN_usersParamList_1.png
  5. Click on Add New Parameter. The Enter Parameter page will display.
    ADMIN_parameter_addNew.png
  6. Enter the following parameter to define the method of authentication.

Parameter Name: authentication_method

Parameter Value: LDAP

Parameter Data Type: Text

  1. Click on Save to save the new parameter.
  2. The Parameters List page will display with the new parameter.
Note
The Navigation panel will not automatically refresh to display the new parameter. If you wish to update the list in the Navigation panel you can click on Params and it will refresh the hierarchical tree.
  1. In the Parameters List page click on Add New Parameter to enter another parameter.
  2. Enter the following parameter for the connection URL of your company's LDAP server.

Parameter Name: connection_url

Parameter Value: <ldap://ldap.company.com:389>

Parameter Data Type: Text

Important
These tags < > are used to indicate the value within them is an example. You will need to replace it with the value that is appropriate for your environment.
  1. Click on Save to save the new parameter.
  2. In the Parameters List page click on Add New Parameter to enter another parameter.
  3. Enter the following parameter.

Parameter Name: search_base

Parameter Value: <OU=People,DC=company,DC=com>

Parameter Data Type: Text

Important
These tags < > are used to indicate the value within them is an example. You will need to replace it with the value that is appropriate for your environment.
  1. Click on Save to save the new parameter.
  2. In the Parameters List page click on Add New Parameter to enter another parameter.
  3. Enter the following parameter.

Parameter Name: distinguished_name

Parameter Value: <uid=>

Parameter Data Type: Text

Important
These tags < > are used to indicate the value within them is an example. You will need to replace it with the value that is appropriate for your environment.
  1. Click on Save to save the new parameter.
  2. In the Parameters List page click on Add New Parameter to enter another parameter.
  3. Enter the following parameter.

Parameter Name: security_authentication

Parameter Value: <simple>

Parameter Data Type: Text

Important
These tags < > are used to indicate the value within them is an example. You will need to replace it with the value that is appropriate for your environment.
  1. Click on Save to save the new parameter.
  2. The Parameters List page will display all the new parameters you have entered.
Important
For DIGEST-MD5, add the optional settings for the security layer, privacy strength, or max buffer. If these values are not set, the default values will be used.
  1. Once you have finished entering all the parameters you can click on Params in the Navigation panel.
  2. The hierarchical tree will refresh ad display the new parameters.

Comments

0 comments

Please sign in to leave a comment.