HELP FILE
How do I configure LastPass Universal Proxy with the server.properties configuration file without using the CLI tool?
After you have installed LastPass Universal Proxy for the first time, it must be configured before use. You can configure LastPass Universal Proxy using either the CLI tool or editing the server.properties configuration file in a text editor. In the following we provide a step-by-step guide on how to do the configuration with the server.properties file.
Before you begin: Check
How do I set up LastPass Universal Proxy? for information on downloading and installing LastPass Universal Proxy.
Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
Important: In order to use LastPass Universal Proxy 4.x, an Active Directory Connector must be installed and an Active Directory must be present.
Note: We recommend using the CLI tool when configuring Universal Proxy for the first time, as it generates an initial version of the server.properties file. This file is human-readable. Therefore, for further configurations you can edit the server.properties configuration file with any of your text editors.
Also, if you made a mistake when editing the configuration file, you can always start fresh from the CLI tool, and create a new one.
Tip:
- To check the current content of the server.properties file without the sensitive data, open PowerShell and execute the following command:
uproxy -showConfig - To open the server.properties file in the default text editor, open PowerShell and execute the following command:
uproxy -editConfig
For more information on the configuration settings, see How do I configure LastPass Universal Proxy using command line interface (CLI)?.
- Save the server.properties file.
The server-template.properties file in C:\Program Files\LastPass\Universal Proxy\conf contains all the possible attributes and their descriptions.
### ### This configuration file contains the settings for the Universal Proxy. ### It has four sections ### * Server settings ### * LastPass API settings ### * LDAP settings ### * RADIUS settings ### Fill Server settings and LastPass API settings first. Then fill LDAP settings if you plan to use ### Universal Proxy using LDAP or LDAPS or fill RADIUS settings if you are going to use RADIUS. ### If a value is not applicable for your case leave it as it is. ### For further information see the online documentation: ### https://support.lastpass.com/help/what-is-lastpass-universal-proxy ### ### Note, that it is also possible to configure Universal Proxy using the command line tool. ### Issue the following command in PowerShell to start the command line configuration tool: ### uproxy -configurationTool ### Online documentation for the configuration tool: ### https://support.lastpass.com/help/how-do-i-configure-the-lastpass-universal-proxy-via-command-line ### ####################################### ####################################### ### ### ### Universal Proxy Server settings ### ### ### ####################################### ####################################### ## ## Server settings: set these values to configure how the Universal Proxy handles incoming authentication ## requests. Choose the authentication protocol (LDAP, LDAPS or RADIUS), specify the ports and domains and ## set the server mode (LP, PLP, SFA). ## For an explanation about server modes see the documentation: ## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes ## # The protocol to authenticate users. [LDAP | LDAPS | RADIUS] server.protocol= # The mode in which Universal Proxy should run [LP | PLP | SFA]. server.mode= # The port on which Universal Proxy listens on. server.port= #Accounting port is used if Radius protocol is selected. #The accounting port Universal Proxy listens on. server.accounting.port= # The name of your company. This value appears to end users in the MFA app. company.name= # The name of your company. This value appears to end users in the MFA app. company.name= ################################################################# ################################################################# ### ### ### Authentication server settings: Common Login Service ### ### ### ################################################################# ################################################################# ## ## cli.cls.integration.key= cli.cls.integration.secret= default.cls.auth.method= ################################################### ################################################### ### ### ### Authentication server settings: LDAP server ### ### ### ################################################### ################################################### ## ## LDAP settings: set these values to configure Universal Proxy to be able to communicate with a LDAP server. ## Leave these values blank if you are not planning to use Universal Proxy for LDAP authentication. ## The ldap.admin.password field is applicable only if the server mode is LP. ## The ldap.address, ldap.port and ldap.tls fields can only be used if the server mode is either PLP or SFA. ## For an explanation about server modes see the documentation: ## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes ## For the current server mode see the value of the server.mode variable in this file. ## Leave any value blank which is not applicable for your current setup. ## # The address of the AD. Applies to server modes: [PLP | SFA] ldap.address= # The port on which the AD expects authentication messages (default: LDAP: 389, LDAPS: 636). Applies to server modes: [PLP | SFA] ldap.port= # The distinguished name of the LDAP admin user. Example: CN=admin,CN=Users,DC=domain,DC=com ldap.admin= # The password of the LDAP admin user. Applies to server modes: [LP] only. ldap.admin.password= # LDAP naming attribute: the name of the LDAP field in which the Windows user logon name is stored. Possible values: [cn | uid | userPrincipalName | sAMAccountName] # ldap.attribute.login=sAMAccountName ldap.attribute.login= # Password of the Keystore and Truststore files containing the SSL certificates. Applies only if you chose LDAPS protocol in Universal Proxy Server settings. keystore.password= ##################################################### ##################################################### ### ### ### Authentication server settings: Radius server ### ### ### ##################################################### ##################################################### ## ## RADIUS settings: set these values to configure Universal Proxy to be able to communicate with a real RADIUS server. ## Leave these values blank if you are not planning to use Universal Proxy for RADIUS authentication. ## Note, that radius.server.address and radius.server.port are values which have to be filled only if the ## server mode is either PLP or SFA. ## For an explanation about server modes see the documentation: ## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes ## For the current server mode see the value of the server.mode variable in this file. ## Leave any value blank which is not applicable for your current setup. ## # The address of the RADIUS server. Applies to server modes: [PLP | SFA] radius.server.address= # The port on which the RADIUS server expects the authentication messages (1812 by default). Applies to server modes: [PLP | SFA] # radius.server.port=1812 radius.server.port= # The accounting port of the Radius server. # radius.server.accounting.port=1813 radius.server.accounting.port= # The RADIUS secret. radius.secret= #RADIUS Ldap authentication radius.ldap.auth.enabled=
Important: The maximum length of the sAMAccountName is 20 characters.