Skip to content

Server Access

This page shows how to restrict access to Xtract Universal's built in web server to Windows AD users or custom users. Access restrictions on the web server ensure that only dedicated users can execute extractions. Windows AD credentials or credentials of a custom user must be submitted when running an extraction.

Activate TLS Encryption

Access restrictions require users to access the web server through an https connection (TLS encryption). This requires the installation of an X.509 certificate. If the certificate is not listed in the Windows certificate store, install the X.509 certificate.

  1. Open Server > Settings from the main window of the Designer.
    security-manage-users

  2. In the tab Web Server tab, select one of the following protocols:

    • HTTPS - Restricted to AD users with Designer read access
    • HTTPS - Restricted to custom users with Designer read access

    webserver settings

  3. Click [Select X.509 certificate]. The "Edit certificate location" window opens.

  4. Select the X.509 certificate created for your machine under Local Machine > Personal.
    certificate-edit-location
  5. Click [OK] to confirm your input. The window closes.
  6. Optional: Change the port number of the HTTPS port.
  7. Click [OK] to confirm your input. If prompted, restart the server.

Restrict Access to Windows AD Users (Kerberos Authentication)

Follow the steps below to limit the execution of extractions to users that pass Windows AD credentials, when calling extractions. The caller must have at least Read access to the Designer.

  1. Assign a Windows service account under which the Xtract Universal service runs, see Change Service Account.
  2. Activate TLS encryption.
    WebServerSettings_https
  3. Open Server > Settings from the main window of the Designer.
    security-manage-users
  4. In the tab Web Server, select HTTPS - Restricted to AD users with Designer read access.
  5. In the tab Configuration Server, add the custom users or groups that are allowed to execute extractions. For more information, see Designer Access.
    ConfigurationServerSettings_
  6. Assign at least Read permission to the Windows AD users.
  7. Close all windows with [OK]. If prompted, restart the server.

Note

This type of authentication uses Kerberos authentication via SPNEGO. NTLM is not supported.

Restrict Access to Custom Users (Basic Authentication)

Follow the steps below to limit the execution of extractions to users that pass custom credentials, when calling extractions. The custom user must have at least Read access to the Designer.

  1. Activate TLS encryption.
  2. Open Server > Settings from the main window of the Designer.
    security-manage-users
  3. In the tab Web Server, select HTTPS - Restricted to custom users with Designer read access.
  4. In the tab Configuration Server, add the custom users or groups that are allowed to execute an extraction. For more information, see Designer Access.
    ConfigurationServerSettings_
  5. Assign at least Read permission to the custom users.
  6. Close all windows with [OK]. If prompted, restart the server.

Note

For information on how to call an extraction with Basic Authentication using the xu.exe, see Basic Authentication via Commandline.

Last update: July 12, 2024