Authenication Realm Providers

Description - A simple example of an authentication realm for use in testing or development. This realm verifies a password by reading an unencrypted properties file.

Runtime Class - com.iwaysoftware.eclipse.template.PropertiesRealmProviderType

Parameter Groups

Properties Realm

	Parameter	Type	Description
*	Properties File	string	Path to a properties file containing entries like username=password
	Attributes	string	List of attributes required for system applications as attribute=value

* - denotes required

Description - Handles authentication using an LDAP directory

Runtime Class - com.iwaysoftware.eclipse.template.LdapRealmProviderType

Parameter Groups

LDAP Realm

	Parameter	Type	Description
*	LDAP Provider	string	Name of the Directory Provider describing the connection to the LDAP server. Click below for a definition: LDAP Configuration
	User Base Context	string	The base of the subtree containing users. Each user that can be authenticated must be represented by an individual entry that corresponds to an element in this DirContext. If not specified, the top level element in the directory context will be used.
	User Pattern	string	A pattern for the distinguished name (DN) of the user's directory entry. Use {0} to substitute the username. For example, (cn={0}). LDAP OR syntax is also supported (\|(cn={0})(cn={0},o=myorg)). You can use this property instead of User Search Filter, Search User Subtree and User Base Context when the distinguished name contains the username and is otherwise the same for all users.
	Search User Subtree	boolean	The search scope. Set to true if you wish to search the entire subtree rooted at the User Base Context entry. The default value of false requests a single-level search including only the top level.
	User Search Filter	string	The LDAP filter expression to use when searching for a user's directory entry, with {0} marking where the actual username should be inserted. Use this property (along with the Search User Subtree property) instead of User Pattern to search the directory for the user's entry.
	User Password Attribute	string	Name of the attribute in the user's entry containing the user's password. If you specify this value, this realm will retrieve the corresponding attribute for comparison to the value specified by the user being authenticated. If you do not specify this value, this realm will attempt a simple bind to the directory using the DN of the user's entry and password specified by the user, with a successful bind being interpreted as an authenticated user.
	Role Base Context	string	The base directory entry for performing role searches. If not specified, the top level element in the directory context will be used.
	Search role Subtree	boolean	Set to true if you want to search the entire subtree of the element specified by the Role Base Context for role entries associated with the user. The default value of false causes only the top level to be searched.
	Role Search Filter	string	The LDAP filter expression used for performing role searches. Use {0} to substitute the distinguished name (DN) of the user, and/or {1} to substitute the username. If not specified a role search does not take place and roles are taken only from the attribute in the user's entry specified by the User Role Attribute.
	Role Attribute	string	The name of the attribute that contains role names in the directory entries found by a role search. In addition you can use the User Role Attribute property to specify the name of an attribute, in the user's entry, containing additional role names. If Role Attribute is not specified a role search does not take place, and roles are taken only from the user's entry.
	User Role Attribute	string	The name of an attribute in the user's directory entry containing zero or more values for the names of roles assigned to this user. In addition you can use the Role Attribute property to specify the name of an attribute to be retrieved from individual role entries found by searching the directory. If User Role Attribute is not specified all the roles for a user derive from the role search.

* - denotes required

Description - Kerberos realm for use with the Negotiate authentication scheme

Runtime Class - com.iwaysoftware.eclipse.template.KerberosRealmProviderType

Parameter Groups

Kerberos Realm

	Parameter	Type	Description
	JAAS Configuration File	string	Location of the JAAS configuration file as a URL. The file: scheme will be used if the value is given without a scheme. This optional property overrides the login.config.url.n properties in the java.security file and the java.security.auth.login.config system property.
*	Application Entry	string	The Application Entry in the JAAS login configuration file that will be used to login to Kerberos. This entry should configure a Kerberos login module (Krb5LoginModule).
	Service Principal Name	string	The name used to identify this service in Kerberos. For example, HTTP/host:port@DOMAIN. This can be left blank if the Kerberos login module declares a principal.
	Kerberos Password	password	Kerberos password for this Service Principal Name. This can be left blank if the Kerberos login module is using a keytab.

* - denotes required

Description - Handles authentication using JDBC datasource

Runtime Class - com.iwaysoftware.eclipse.template.JdbcRealmProviderType

Parameter Groups

JDBC Realm

	Parameter	Type	Description
	JNDI Factory Name	string	JNDI initial context factory class used to access data source. Use com.ibi.jndi.XDInitialContextFactory for an iWay JDBC provider or leave blank for JVM default.
*	JNDI Name	string	JNDI Name for the data source this realm will use to look up security information. To use an iWay JDBC provider, enter the JNDI name as jdbc/provider name.
*	Users Table	string	The users table must contain at least one row for every valid user that this realm should recognize. It must have at least two columns, username and password.
*	User Roles Table	string	The user roles table must contain at least one row for zero or more security roles assigned to a user. It must have at least two columns, username and role.
*	Username Column	string	Name of the column in the user and user roles tables that contains the user's username
*	User Credential Column	string	Name of the column in the user table that contains the user's credentials (i.e., password)
*	Role Column	string	Name of the column in the user roles table that contains the user's role.

* - denotes required

Description - Authentication realm that uses the specified JAAS application entry. Can only be used with authentication schemes that provide both username and credential.

Runtime Class - com.iwaysoftware.eclipse.template.JaasRealmProviderType

Parameter Groups

JAAS Realm

	Parameter	Type	Description
	JAAS Configuration File	string	Location of the JAAS configuration file as a URL. The file: scheme will be used if the value is given without a scheme. This optional property overrides the login.config.url.n properties in the java.security file and the java.security.auth.login.config system property.
*	Application Entry	string	The name of the application entry from the JAAS config that should be used for authentication.
*	User Principal	string	A successful JAAS login results in a Subject which can contain zero or more Principal objects. Specify the classname of the Principal object that applications should use to identify the authenticated user.
	Role Principal(s)	string	One or more Principals from the authenticated Subject that represent the user's role or roles in the application. This can be entered as a comma-delimited list.

* - denotes required

Description - Authentication realm that validates user and password using the iSM console's configuration.

Runtime Class - com.iwaysoftware.eclipse.template.ConsoleRealmProviderType

Parameter Groups

Description - This component will configure an Active Directory realm.

Runtime Class - com.iwaysoftware.eclipse.template.ADRealmProviderType

Parameter Groups

AD Realm

	Parameter	Type	Description
*	LDAP Provider	string	Name of the Directory Provider describing the connection to the LDAP server. Select from one of the following options: Default {default}
	User Base Context	string	The base of the subtree containing users. Each user that can be authenticated must be represented by an individual entry that corresponds to an element in this DirContext. If not specified, the top level element in the directory context will be used.
	User Pattern	string	A pattern for the distinguished name (DN) of the user's directory entry. Use {0} to substitute the username. For example, (cn={0}). LDAP OR syntax is also supported (\|(cn={0})(cn={0},o=myorg)). You can use this property instead of User Search Filter, Search User Subtree and User Base Context when the distinguished name contains the username and is otherwise the same for all users.
	Search User Subtree	boolean	The search scope. Set to true if you wish to search the entire subtree rooted at the User Base Context entry. The default value of false requests a single-level search including only the top level.
	User Search Filter	string	The LDAP filter expression to use when searching for a user's directory entry, with {0} marking where the actual username should be inserted. Use this property (along with the Search User Subtree property) instead of User Pattern to search the directory for the user's entry.
	Role Base Context	string	The base directory entry for performing role searches. If not specified, the top level element in the directory context will be used.
	Search role Subtree	boolean	Set to true if you want to search the entire subtree of the element specified by the Role Base Context for role entries associated with the user. The default value of false causes only the top level to be searched.
	Role Search Filter	string	The LDAP filter expression used for performing role searches. Use {0} to substitute the distinguished name (DN) of the user, and/or {1} to substitute the username. If not specified a role search does not take place and roles are taken only from the attribute in the user's entry specified by the User Role Attribute.
	Role Attribute	string	The name of the attribute that contains role names in the directory entries found by a role search. In addition you can use the User Role Attribute property to specify the name of an attribute, in the user's entry, containing additional role names. If Role Attribute is not specified a role search does not take place, and roles are taken only from the user's entry.
	User Role Attribute	string	The name of an attribute in the user's directory entry containing zero or more values for the names of roles assigned to this user. In addition you can use the Role Attribute property to specify the name of an attribute to be retrieved from individual role entries found by searching the directory. If User Role Attribute is not specified all the roles for a user derive from the role search.

* - denotes required

Subscribe to Authenication Realm Providers