HELP FILE
How do I configure LastPass Universal Proxy with the server.properties configuration file without using the CLI tool?
Before you begin: Check
How do I set up LastPass Universal Proxy? for information on downloading and installing LastPass Universal Proxy.
About this task:
Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
Important: In order to use LastPass Universal Proxy 4.x, an Active Directory Connector must be installed and an Active Directory must be present.
Note:
Tip:
Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
Important: In order to use LastPass Universal Proxy 4.x, an Active Directory Connector must be installed and an Active Directory must be present.
Note: We recommend using the CLI tool when configuring Universal Proxy for the first time, as it generates an initial version of the server.properties file. This file is human-readable. Therefore, for further configurations you can edit the server.properties configuration file with any of your text editors.
Also, if you made a mistake when editing the configuration file, you can always start fresh from the CLI tool, and create a new one.
Tip:
- To check the current content of the server.properties file without the sensitive data, open PowerShell and execute the following command:
uproxy -showConfig - To open the server.properties file in the default text editor, open PowerShell and execute the following command:
uproxy -editConfig
For more information on the configuration settings, see How do I configure LastPass Universal Proxy using command line interface (CLI)?.
- Save the server.properties file.
The server-template.properties file in C:\Program Files\LastPass\Universal Proxy\conf contains all the possible attributes and their descriptions.
### ### This configuration file contains the settings for the Universal Proxy. ### It has four sections ### * Server settings ### * LastPass API settings ### * LDAP settings ### * RADIUS settings ### Fill Server settings and LastPass API settings first. Then fill LDAP settings if you plan to use ### Universal Proxy using LDAP or LDAPS or fill RADIUS settings if you are going to use RADIUS. ### If a value is not applicable for your case leave it as it is. ### For further information see the online documentation: ### https://support.lastpass.com/help/what-is-lastpass-universal-proxy ### ### Note, that it is also possible to configure Universal Proxy using the command line tool. ### Issue the following command in PowerShell to start the command line configuration tool: ### uproxy -configurationTool ### Online documentation for the configuration tool: ### https://support.lastpass.com/help/how-do-i-configure-the-lastpass-universal-proxy-via-command-line ### ####################################### ####################################### ### ### ### Universal Proxy Server settings ### ### ### ####################################### ####################################### ## ## Server settings: set these values to configure how the Universal Proxy handles incoming authentication ## requests. Choose the authentication protocol (LDAP, LDAPS or RADIUS), specify the ports and domains and ## set the server mode (LP, PLP, SFA). ## For an explanation about server modes see the documentation: ## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes ## # The protocol to authenticate users. [LDAP | LDAPS | RADIUS] server.protocol= # The mode in which Universal Proxy should run [LP | PLP | SFA]. server.mode= # The port on which Universal Proxy listens on. server.port= #Accounting port is used if Radius protocol is selected. #The accounting port Universal Proxy listens on. server.accounting.port= # The name of your company. This value appears to end users in the MFA app. company.name= # The name of your company. This value appears to end users in the MFA app. company.name= ################################################################# ################################################################# ### ### ### Authentication server settings: Common Login Service ### ### ### ################################################################# ################################################################# ## ## cli.cls.integration.key= cli.cls.integration.secret= default.cls.auth.method= ################################################### ################################################### ### ### ### Authentication server settings: LDAP server ### ### ### ################################################### ################################################### ## ## LDAP settings: set these values to configure Universal Proxy to be able to communicate with a LDAP server. ## Leave these values blank if you are not planning to use Universal Proxy for LDAP authentication. ## The ldap.admin.password field is applicable only if the server mode is LP. ## The ldap.address, ldap.port and ldap.tls fields can only be used if the server mode is either PLP or SFA. ## For an explanation about server modes see the documentation: ## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes ## For the current server mode see the value of the server.mode variable in this file. ## Leave any value blank which is not applicable for your current setup. ## # The address of the AD. Applies to server modes: [PLP | SFA] ldap.address= # The port on which the AD expects authentication messages (default: LDAP: 389, LDAPS: 636). Applies to server modes: [PLP | SFA] ldap.port= # The distinguished name of the LDAP admin user. Example: CN=admin,CN=Users,DC=domain,DC=com ldap.admin= # The password of the LDAP admin user. Applies to server modes: [LP] only. ldap.admin.password= # LDAP naming attribute: the name of the LDAP field in which the Windows user logon name is stored. Possible values: [cn | uid | userPrincipalName | sAMAccountName] # ldap.attribute.login=sAMAccountName ldap.attribute.login= # Password of the Keystore and Truststore files containing the SSL certificates. Applies only if you chose LDAPS protocol in Universal Proxy Server settings. keystore.password= ##################################################### ##################################################### ### ### ### Authentication server settings: Radius server ### ### ### ##################################################### ##################################################### ## ## RADIUS settings: set these values to configure Universal Proxy to be able to communicate with a real RADIUS server. ## Leave these values blank if you are not planning to use Universal Proxy for RADIUS authentication. ## Note, that radius.server.address and radius.server.port are values which have to be filled only if the ## server mode is either PLP or SFA. ## For an explanation about server modes see the documentation: ## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes ## For the current server mode see the value of the server.mode variable in this file. ## Leave any value blank which is not applicable for your current setup. ## # The address of the RADIUS server. Applies to server modes: [PLP | SFA] radius.server.address= # The port on which the RADIUS server expects the authentication messages (1812 by default). Applies to server modes: [PLP | SFA] # radius.server.port=1812 radius.server.port= # The accounting port of the Radius server. # radius.server.accounting.port=1813 radius.server.accounting.port= # The RADIUS secret. radius.secret= #RADIUS Ldap authentication radius.ldap.auth.enabled=
Important: The maximum length of the sAMAccountName is 20 characters.