
Authentication Schemes

    About authentication

    To provide proper authentication for all inbound HTTP-based protocols (HTTP, REST and web services), a pluggable authentication mechanism is provided for these components. Three types of authentication scheme are currently supported:

    • BASIC using a userfile
    • BASIC using JDBC
    • LDAP authentication

    Using basic authentication using a userfile

    This authentication scheme lets you supply a user file containing the usernames and passwords of the users that are allowed to authenticate. The file is usually named users.properties and must be placed somewhere on the filesystem of the platform ConnectPlaza is running on, for example in [connectplaza-agent]/conf.

    The users.properties file should look something like this:

    jetty: MD5:164c88b302622e17050af52c89945d44,user
    admin: CRYPT:adpexzg3FUZAk,server-administrator,content-administrator,admin,user
    other: OBF:1xmk1w261u9r1w1c1xmq,user
    plain: plain,user
    user: password,user
    
    # This entry is for digest auth.  The credential is a MD5 hash of username:realmname:password
    digest: MD5:6e120743ad67abfbc385bc2bb754e297,user

    Each line specifies a username, then a colon, then the credential, followed by a comma-separated list of the roles granted to that user. The credential is either a plain-text password or a digested password prefixed with the digest type used (i.e. MD5, CRYPT or OBF). Be aware of what these prefixes actually give you: OBF is a reversible obfuscation, not a hash, so anyone who can read the file can recover the password; CRYPT is the legacy Unix crypt(3) scheme; and MD5 is an unsalted hash. None of them protects the file against an attacker who can read it, so restrict its filesystem permissions to the account the agent runs under, and avoid plain-text and OBF entries where you can.

    Specify the location of this file in the Authentication Realm property in Constructor and set Authentication Scheme to BASIC.
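    To make the file format concrete, here is an added example in Python (it is not ConnectPlaza or Jetty code) that parses a users.properties file, checks a supplied password against plain, MD5: and OBF: entries, and applies a role check. It assumes, as in Jetty's HashLoginService on which this format is based, that an MD5: entry for BASIC authentication holds the unsalted hex MD5 of the password itself (the digest-auth entry in the file comment above is hashed differently), and it reverses OBF: to show that it is obfuscation rather than hashing. CRYPT: entries are deliberately left out because they need crypt(3). The sample file content and the user names in it are constructed.

```python
import hashlib
import hmac

# Added example, not ConnectPlaza/Jetty code. Assumptions: MD5: entries hold the
# hex MD5 of the password (Jetty HashLoginService behaviour for BASIC auth),
# OBF: is Jetty's reversible obfuscation, CRYPT: is not handled here.

# Constructed sample file in the users.properties format shown above.
SAMPLE_USERS_PROPERTIES = """\
# comments and blank lines are ignored
other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
"""


def parse_users_properties(text):
    """Return {username: (credential, [roles])} for a users.properties file."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")     # the credential may itself contain ':'
        fields = [f.strip() for f in rest.split(",")]
        users[name.strip()] = (fields[0], [r for r in fields[1:] if r])
    return users


def deobfuscate(value):
    """Reverse Jetty's OBF: encoding: each 4-char base-36 chunk encodes one byte
    (a 'U' prefix marks a non-ASCII byte, encoded as 'U' plus 4 chars)."""
    s = value[4:] if value.startswith("OBF:") else value
    out = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "U":
            out.append((int(s[i + 1:i + 5], 36) >> 8) & 0xFF)
            i += 5
        else:
            i1, i2 = divmod(int(s[i:i + 4], 36), 256)
            out.append((i1 + i2 - 254) // 2)
            i += 4
    return out.decode("utf-8")


def md5_credential(password):
    """Build an MD5: entry (unsalted hex MD5, as the file loader expects)."""
    return "MD5:" + hashlib.md5(password.encode("utf-8")).hexdigest()


def check_password(credential, password):
    """True if password matches a plain, MD5: or OBF: credential."""
    if credential.startswith("MD5:"):
        digest = hashlib.md5(password.encode("utf-8")).hexdigest()
        return hmac.compare_digest(credential[4:].lower(), digest)
    if credential.startswith("OBF:"):
        return deobfuscate(credential) == password    # reversible, so no protection
    if credential.startswith("CRYPT:"):
        raise NotImplementedError("CRYPT: needs crypt(3); not handled in this example")
    return credential == password                     # plain-text entry


def authenticate(users, username, password, required_role=None):
    """Return the user's roles on success, or None on bad credentials / missing role."""
    entry = users.get(username)
    if entry is None:
        return None
    credential, roles = entry
    if not check_password(credential, password):
        return None
    if required_role is not None and required_role not in roles:
        return None
    return roles
```

    Running deobfuscate on the OBF: entry from the file above yields the password in clear, which is the whole point of the caveat: an OBF: entry only hides the password from a casual glance.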

    Using basic authentication using JDBC

    This authentication scheme lets you authenticate against a JDBC data source whose schema contains the tables needed to store users and roles. The connection settings must be placed in a jdbc.properties file somewhere on the filesystem of the platform ConnectPlaza is running on, for example in [connectplaza-agent]/conf.

    The jdbc.properties should look something like this:

    jdbcdriver = com.mysql.jdbc.Driver
    url = jdbc:mysql://localhost:3306/users
    username = root
    password = root
    usertable = users
    usertablekey = id
    usertableuserfield = username
    usertablepasswordfield = pwd
    roletable = roles
    roletablekey = id
    roletablerolefield = role
    userroletable = user_roles
    userroletableuserkey = user_id
    userroletablerolekey = role_id
    cachetime = 300
    requiredrole = admin,myrole

    This configuration file specifies the database connection, the names of the user, role and user/role link tables, and the column names used to select the correct records. The example uses the MySQL root account for illustration only; in practice create a dedicated database account with read-only access to these three tables, and protect the file, since it holds that account's password in clear text. The cachetime value is the lifetime in seconds of the cached user lookups (the Jetty JDBC login service semantics this property set follows), so a password or role change in the database may take up to that long to take effect.

    The requiredrole property specifies which role a user must have in order to be authenticated. It may also be a comma-separated list; a user who holds at least one role in the list is authenticated.

    Specify the location of this file in the Authentication Realm property in Constructor and set Authentication Scheme to BASIC_JDBC.

    To create the tables this configuration expects, use the following SQL (MySQL syntax). Note that the pwd column is only 20 characters wide; widen it if you intend to store anything longer than a short plain-text password.

    -- Roles that can be granted (roletable / roletablekey / roletablerolefield).
    CREATE TABLE `roles` (
      `id` int(11) NOT NULL,
      `role` varchar(100) NOT NULL,
      PRIMARY KEY (`id`),
      UNIQUE KEY `role` (`role`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
    
    -- Users (usertable); pwd is the usertablepasswordfield column.
    CREATE TABLE `users` (
      `id` int(11) NOT NULL,
      `username` varchar(100) NOT NULL,
      `pwd` varchar(20) NOT NULL,
      PRIMARY KEY (`id`),
      UNIQUE KEY `username` (`username`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
    
    -- Link table (userroletable). The foreign keys are added here so that a user
    -- or role cannot be deleted while a link row still references it.
    CREATE TABLE `user_roles` (
      `user_id` int(11) NOT NULL,
      `role_id` int(11) NOT NULL,
      PRIMARY KEY (`user_id`,`role_id`),
      FOREIGN KEY (`user_id`) REFERENCES `users` (`id`),
      FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
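    The following added example (not ConnectPlaza code) shows what the property names above map to: it creates the three tables in an in-memory SQLite database (with the MySQL-specific int(11), ENGINE and CHARSET clauses dropped), fills them with constructed sample rows, and runs the user lookup, the role join and the requiredrole check the way the description above defines them. Table and column names come from the configuration, which is trusted; the username taken from the request is bound as a query parameter, never interpolated into the SQL. The password comparison is plain text because the example schema stores the password as a plain varchar; whether the JDBC realm also accepts the MD5:/OBF: prefixes of the user file is not stated on this page.

```python
import hmac
import sqlite3

# Added example, not ConnectPlaza code. Recreates the page's schema in SQLite
# (MySQL-specific int(11)/ENGINE/CHARSET clauses dropped) with constructed rows,
# and runs the lookups that the jdbc.properties keys describe.

# Table/column names exactly as in the jdbc.properties example above.
JDBC_PROPERTIES = {
    "usertable": "users", "usertablekey": "id",
    "usertableuserfield": "username", "usertablepasswordfield": "pwd",
    "roletable": "roles", "roletablekey": "id", "roletablerolefield": "role",
    "userroletable": "user_roles",
    "userroletableuserkey": "user_id", "userroletablerolekey": "role_id",
    "requiredrole": "admin,myrole",
}

SCHEMA = """
CREATE TABLE roles (id INTEGER PRIMARY KEY, role TEXT NOT NULL UNIQUE);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, pwd TEXT NOT NULL);
CREATE TABLE user_roles (
  user_id INTEGER NOT NULL REFERENCES users(id),
  role_id INTEGER NOT NULL REFERENCES roles(id),
  PRIMARY KEY (user_id, role_id));
"""

# Constructed sample data: alice is admin, bob only reader, carol myrole + reader.
SAMPLE_ROWS = """
INSERT INTO roles VALUES (1, 'admin'), (2, 'myrole'), (3, 'reader');
INSERT INTO users VALUES (1, 'alice', 'alice-pw'), (2, 'bob', 'bob-pw'), (3, 'carol', 'carol-pw');
INSERT INTO user_roles VALUES (1, 1), (2, 3), (3, 2), (3, 3);
"""


def open_sample_db():
    """In-memory database holding the schema and the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE_ROWS)
    return conn


def _ident(name):
    """Quote a table/column name from the (trusted) config; reject anything odd."""
    if not name or not name.replace("_", "").isalnum():
        raise ValueError("bad identifier: %r" % name)
    return '"%s"' % name


def lookup_user(conn, props, username):
    """Return (usertablekey, stored password) or None. The username is bound, never interpolated."""
    sql = "SELECT %s, %s FROM %s WHERE %s = ?" % (
        _ident(props["usertablekey"]), _ident(props["usertablepasswordfield"]),
        _ident(props["usertable"]), _ident(props["usertableuserfield"]))
    return conn.execute(sql, (username,)).fetchone()


def lookup_roles(conn, props, user_key):
    """Role names reached through the link table, sorted for stable output."""
    sql = ("SELECT r.%s FROM %s r JOIN %s ur ON ur.%s = r.%s "
           "WHERE ur.%s = ? ORDER BY r.%s") % (
        _ident(props["roletablerolefield"]), _ident(props["roletable"]),
        _ident(props["userroletable"]), _ident(props["userroletablerolekey"]),
        _ident(props["roletablekey"]), _ident(props["userroletableuserkey"]),
        _ident(props["roletablerolefield"]))
    return [row[0] for row in conn.execute(sql, (user_key,))]


def authenticate(conn, props, username, password):
    """Roles of the user if the password matches and at least one requiredrole is held, else None."""
    row = lookup_user(conn, props, username)
    # Plain-text comparison, because the page's schema stores pwd as a plain varchar.
    if row is None or not hmac.compare_digest(row[1].encode("utf-8"), password.encode("utf-8")):
        return None
    roles = lookup_roles(conn, props, row[0])
    required = {r.strip() for r in props["requiredrole"].split(",") if r.strip()}
    if required and not required.intersection(roles):
        return None
    return roles
```

    With requiredrole = admin,myrole, alice (admin) and carol (myrole) are accepted while bob, who only has reader, is rejected even with a correct password, which is exactly the rule the description above states.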

    Using LDAP authentication

    This authentication scheme lets you authenticate against an LDAP server. The configuration for this scheme must be placed in a jaas.ini file somewhere on the filesystem of the platform ConnectPlaza is running on, for example in [connectplaza-agent]/conf.

    The jaas.ini should look something like this:

    jaas.type=ldap
    jaas.config=[connectplaza-agent]/conf/myldap.conf
    jaas.name=myldap
    jaas.roles=admin,developer
    • The jaas.config property must point to a separate LDAP configuration file, myldap.conf, which should be placed in the same location as the jaas.ini file.
    • The jaas.name property must match the name of the configuration block in myldap.conf.
    • The jaas.roles property specifies which role a user must have in order to be authenticated. It may also be a comma-separated list; a user who holds at least one role in the list is authenticated.
    • Specify the location of the jaas.ini file in the Authentication Realm property in Constructor and set Authentication Scheme to LDAP.

    To configure the LDAP connection itself, edit myldap.conf. The following is an example:

    myldap {
       org.eclipse.jetty.jaas.spi.LdapLoginModule required
       debug="true"
       contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
       hostname="ldap.server.com"
       port="389"
       bindDn="cn=directory manager"
       bindPassword="somepassword"
       authenticationMethod="simple"
       forceBindingLogin="true"
       userBaseDn="ou=gebruikers,dc=one,dc=two"
       userRdnAttribute=""
       userIdAttribute="uid"
       userPasswordAttribute="userPassword"
       userObjectClass="myobjectclass"
       roleBaseDn="dc=one,dc=two"
       roleNameAttribute="cn"
       roleMemberAttribute="uniqueMember"
       roleObjectClass="groupOfUniqueNames";
    };
    

    Please note that this configuration assumes an OpenLDAP server listening on port 389; the exact settings for your LDAP implementation may vary, so check the specifics of your situation before changing them. Only correct settings allow authentication to succeed. Three practical cautions apply. First, debug="true" makes the login module log details of every login attempt, so switch it off once the connection works. Second, bindDn and bindPassword identify the account the module uses to search the directory; use a service account with read-only rights rather than a directory administrator, and protect the file, which holds that password in clear text. With forceBindingLogin="true" the user's own password is verified by binding to the directory as that user, so the service account does not need to read the userPassword attribute. Third, port 389 without TLS carries both the service account's and the users' passwords over the network in clear text; prefer an LDAPS or TLS-protected connection where your server and this module support it.
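    As an added example (not ConnectPlaza or Jetty code), the Python below models the two directory searches these settings lead to and the jaas.roles check, with RFC 4515 escaping of the login name so that a crafted username cannot widen the user search. The filter shapes (objectClass plus userIdAttribute for the user entry, objectClass plus roleMemberAttribute=userDN for the groups) and the bind-as-user step for forceBindingLogin="true" are assumptions about the module's behaviour, written out here so the configuration can be sanity-checked offline; the code does not talk to a directory, and the login name and DN in the test are constructed.

```python
# Added example, not ConnectPlaza/Jetty code; it models the lookups implied by
# myldap.conf and never contacts a directory.

# Settings copied from the myldap.conf example above.
LDAP_CONF = {
    "bindDn": "cn=directory manager",
    "forceBindingLogin": "true",
    "userBaseDn": "ou=gebruikers,dc=one,dc=two",
    "userIdAttribute": "uid",
    "userObjectClass": "myobjectclass",
    "roleBaseDn": "dc=one,dc=two",
    "roleNameAttribute": "cn",
    "roleMemberAttribute": "uniqueMember",
    "roleObjectClass": "groupOfUniqueNames",
}
JAAS_ROLES = "admin,developer"          # jaas.roles from the jaas.ini example above


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def user_search_filter(conf, login):
    """Filter used to find the user's entry under userBaseDn (assumed shape)."""
    return "(&(objectClass=%s)(%s=%s))" % (
        conf["userObjectClass"], conf["userIdAttribute"], escape_filter_value(login))


def role_search_filter(conf, user_dn):
    """Filter used to find groups under roleBaseDn listing the user's DN as member (assumed shape)."""
    return "(&(objectClass=%s)(%s=%s))" % (
        conf["roleObjectClass"], conf["roleMemberAttribute"], escape_filter_value(user_dn))


def login_steps(conf, login, user_dn):
    """Directory operations for one login as (operation, target, detail) tuples.
    With forceBindingLogin="true" the password is checked by a bind as the user's own DN;
    otherwise the service account reads userPassword and the module compares it."""
    steps = [
        ("bind", conf["bindDn"], "service account, used only to search"),
        ("search", conf["userBaseDn"], user_search_filter(conf, login)),
    ]
    if conf.get("forceBindingLogin", "false").lower() == "true":
        steps.append(("bind", user_dn, "user's own password; a failed bind rejects the login"))
    else:
        steps.append(("compare", user_dn, "userPassword attribute read by the service account"))
    steps.append(("search", conf["roleBaseDn"], role_search_filter(conf, user_dn)))
    return steps


def has_required_role(group_names, jaas_roles):
    """jaas.roles semantics: at least one listed role must be among the user's groups."""
    required = {r.strip() for r in jaas_roles.split(",") if r.strip()}
    return bool(required.intersection(group_names))
```

    The escaping matters in the user search: a login name such as *)(uid=* would otherwise turn the filter into one that matches every entry under userBaseDn, and the module would bind as the first entry it finds rather than the account the caller claimed to be.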


    Copyright © 2018 ConnectPlaza.   For pricing, account management and more go to https://www.connectplaza.com
