Configure Master Password

With the Site Administrative privileges, you can generate a master password and use it along with any user name registered with the TeamForge.

You can create an authentication profile for master password users in Auth Manager. Impersonation is not supported in TeamForge but the master password feature facilitates any user in TeamForge, irrespective of the roles, to login as another user if they have a valid master password.

The Site Admin needs to generate the password through scripts and configure the authentication user profile using Auth Manager. It is important to have this configured for a web-based SSO system.

  1. On the commad-line interface, login to TeamForge as a root user to generate the master password.
  2. Navigate to the new add-ons directory.

    cd /opt/collabnet/teamforge/add-ons/ctf_authentication_manager

  3. Set the master password.

    ./mpasswd.sh

  4. Enter the password and re-enter when prompted for confirmation.
    Note: Ensure that the password is masked while entering it. Also keep the master password confidential and share it with authenticated users on demand. It is a good practice to keep changing the master password frequently.
  5. Log on to the TeamForge as a site administrator and go to the look project.
  6. From the project navigation bar, click AUTH MANAGER.
  7. From the Main Menu pane on the left, click Create Profile.
    Fastpath: In the Manage Existing Profiles page, if you do not find the desired one in the list of existing authentication profiles, you can click New Profile and proceed.
  8. On the Create Authentication Profile page, select MasterPassword from the drop-down list.
  9. Enter an appropriate name for the new MasterPassword user profile.
  10. Set the Jboss flag that determines the behaviour of the control flag with multiple login-modules.
    • Sufficient: The login-module is not required to succeed. If it does succeed, control immediately returns to the application (authentication does not proceed down the login-module list). If it fails, authentication continues down the login-module list.
    • Optional: The login-module is not required to succeed. If it succeeds or fails, authentication still continues to proceed down the login-module list.
    • Required: The login-module is required to succeed. If it succeeds or fails, authentication still continues to proceed down the login-module list.
  11. Click Create. The confirmation message, The authentication profiles have been imported. Activate the profiles to apply to TeamForge authentication, appears.
    Remember: The newly created profile is listed under Authentication Profiles in the Manage Existing Profile page. It is now inactive and the status indicator is yellow. You must activate the newly created user profile.
    Tip: Before you create any profiles using Auth Manager, you may see an inactive auto-imported TeamForgeDatabase profile appearing under Authentication Profiles. It is recommended to delete the Auto-imported UsernamePasswordInDatabaseLoginModule after creating and activating your first profile. Because the subsequent login and authentication request pass only through the active profile(s).