Clarity LIMS v6.3 & Lablink v2.5

LDAP Integration

If you use, or would like to use, an LDAP server to consolidate directory services, it is possible to integrate LDAP with Clarity LIMS.

The Clarity LIMS LDAP solution allows for the following features:

  • User name and password authentication against LDAP to govern access to Clarity LIMS.

  • Ongoing unidirectional synchronization of user information (such as first name, last name, title, phone, fax, and email) from LDAP to Clarity LIMS. For example, if your telephone number is changed in the LDAP directory, the information is pushed down to Clarity LIMS, keeping contact information current.

  • Automated unidirectional provisioning of user accounts from LDAP to Clarity LIMS. For example, adding a user to a particular group within the LDAP directory automatically results in a local account with LDAP authentication being added to Clarity LIMS.

Providing Information about your LDAP Implementation

Our Field Application Specialist (FAS) team meets with you to discuss the current LDAP implementation. In preparation for this meeting, collect the following information:

  • The type of provisioning you would like to use to synchronize Clarity LIMS with LDAP (automatic or manual).

  • A list of the LDAP attributes the current system uses to record the following user properties: first name, last name, title, phone number, fax number, and e‐mail address.

NOTE: When integrating Clarity LIMS with LDAP, the LIMS database and the LDAP directory remain as separate and distinct entities.

Supported LDAP Servers

Clarity LIMS is tested with the following LDAP servers:

  • ApacheDS 1.5 and later

  • Microsoft Active Directory (Windows Server 2003 or later)

  • OpenLDAP 2.3.35 and later

Access and Changes

While user provisioning and authentication are handled with LDAP, a Clarity LIMS system administrator completes the following steps:

  1. Determine the level of access that a user requires.

  2. Modify the user's account within the LIMS to provide that access.

Once an LDAP integration with Clarity LIMS is established, all changes to user profiles must be made from the LDAP server.

Provisioning Users

Only automatic user provisioning is available.

With automatic user provisioning, Clarity LIMS users are created automatically by a provisioning tool that periodically synchronizes the LDAP server with the LIMS.

To make use of the LDAP directory services, Clarity LIMS maps to specific LDAP attributes within a defined schema.

However, the directory structure used can vary among installations. Our Field Applications Specialist (FAS) team works with you to complete the following items:

  • Analyze a specific LDAP solution and directory organization or assist with the selection and initial configuration of an LDAP service.

  • Discuss the user elements that will be synchronized between the LDAP service and Clarity LIMS systems.

  • Configure LDAP to connect to your Clarity LIMS systems.

Caching User Authentication Results from your LDAP Server

User authentication is handled in the Clarity LIMS.

In previous versions of Clarity LIMS, a few customers reported slow REST API response times when using LDAP users for authentication. As of Clarity LIMS v5.2.x / v4.3.x, REST API response time is improved by a feature that caches user authentication results through a new property (api.session.timeout).

To make use of the new feature, do the following actions:

  • Make sure that the api.session.timeout property is set.

  • Include the HTTP Connection and Authorization request headers and the session cookie in the HTTP request.

Setting the api.session.timeout Property

Stored in the Clarity LIMS database table, the api.session.timeout property allows you to specify the period of time for which a user's session should persist, after they have been authenticated.

This property is set during installation or upgrade of the LIMS. The default value is 5 minutes. If necessary, update the value using the omxprops-ConfigTool.jar tool at the following location:

/opt/gls/clarity/tools/propertytool

For example:

$ java -jar /opt/gls/clarity/tools/propertytool/omxprops-ConfigTool.jar set -y api.session.timeout '15'

For this configuration to take effect, stop and restart Tomcat:

service clarity_tomcat stop
service clarity_tomcat start

Including the HTTP Authorization Request Header and Session Cookie

To persist user authentication, the HTTP request must contain the following HTTP request headers:

  • Request Header

    • Connection: Keep-Alive

    • Authorization: Basic <credentials>

The HTTP request headers are required for the initial request, and for any subsequent request to get a valid JSESSIONID. Additional scenarios are described in the following table.

To make sure that a valid authenticated session is provided if the cookie in the request has expired, also provide the following JSESSIONID cookie:

  • Cookie

    • JSESSIONID=<a valid JSESSIONID from the initial request>

The following table lists the various combinations of HTTP Authorization request header and JSESSIONID cookie and their expected result. It assumes that the HTTP Connection request header is provided for all scenarios.

| Clarity LIMS version | Authorization | JSESSIONID | Expected Result |
|---|---|---|---|
| v5.2.x and later, and v4.3.x | Present | Present (Valid) | Open API does not perform the user authentication and responds with requested resources. |
| v5.2.x and later, and v4.3.x | Present | Present (Invalid) | Open API performs the user authentication depending on whether the account is in the database or LDAP server, and responds with requested resources. |
| v5.2.x and later, and v4.3.x | Absent | Present (Valid) | Open API does not perform the user authentication and responds with requested resources. |
| v5.2.x and later, and v4.3.x | Absent | Present (Invalid) | Open API responds with HTTP Status 401 - Unauthorized. |
| v5.2.x and later, and v4.3.x | Absent | Absent | Open API responds with HTTP Status 401 - Unauthorized. |
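The header and cookie handling described in this section, as an added example that is not part of the Clarity LIMS documentation or product code: a client that always sends Connection and Authorization and replays the last JSESSIONID, run against a small stub that follows the table. StubOpenApi, ApiClient, demo, and the account are constructed for illustration, and the stub issuing a fresh JSESSIONID through Set-Cookie after re-authentication is an assumption.

```python
import base64, hmac, secrets
from http.cookies import SimpleCookie

class StubOpenApi:
    """Constructed stand-in for the server side of the table (not Clarity LIMS code)."""
    def __init__(self, users):
        self.users = users        # constructed sample accounts {user: password}
        self.sessions = set()     # JSESSIONID values that are currently valid
        self.auth_checks = 0      # times the user store (database/LDAP) was consulted
    def handle(self, headers):
        jar = SimpleCookie(headers.get("Cookie", ""))
        sid = jar["JSESSIONID"].value if "JSESSIONID" in jar else None
        if sid in self.sessions:                  # valid cookie: no authentication
            return 200, {}
        auth = headers.get("Authorization", "")
        if not auth.startswith("Basic "):         # no valid cookie, no credentials
            return 401, {}
        self.auth_checks += 1
        user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        expected = self.users.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), pw.encode()):
            return 401, {}
        sid = secrets.token_hex(16)
        self.sessions.add(sid)
        return 200, {"Set-Cookie": f"JSESSIONID={sid}; Path=/; HttpOnly"}

class ApiClient:
    """Sends Connection and Authorization every time, plus the last JSESSIONID."""
    def __init__(self, user, password):
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.base = {"Connection": "Keep-Alive", "Authorization": f"Basic {token}"}
        self.jsessionid = None
    def request(self, server, send_auth=True):
        headers = dict(self.base)
        if not send_auth:
            del headers["Authorization"]
        if self.jsessionid:
            headers["Cookie"] = f"JSESSIONID={self.jsessionid}"
        status, resp = server.handle(headers)
        if "Set-Cookie" in resp:                  # keep the newest session id
            self.jsessionid = SimpleCookie(resp["Set-Cookie"])["JSESSIONID"].value
        return status

def demo():
    server = StubOpenApi({"apiuser": "constructed-password"})
    client = ApiClient("apiuser", "constructed-password")
    statuses = [client.request(server) for _ in range(3)]     # one check, then cached
    server.sessions.clear()                                   # session timeout elapses
    statuses.append(client.request(server, send_auth=False))  # stale cookie only
    statuses.append(client.request(server))                   # stale cookie + header
    return statuses, server.auth_checks
```

Per the table, a request carrying a valid JSESSIONID is served without user authentication, so a longer api.session.timeout also lengthens the period during which a session stays usable after the account changes on the LDAP server. Basic credentials are only base64-encoded, so these requests belong on HTTPS.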
