Authentication Realm Providers

Description - A simple example of an authentication realm for use in testing or development. This realm verifies a password by reading an unencrypted properties file.
 
Runtime Class - com.iwaysoftware.eclipse.template.PropertiesRealmProviderType


 

Parameter Groups

  Parameter Type Description
* Properties File string Path to a properties file containing entries like username=password
  Attributes string List of attributes required for system applications as attribute=value
* - denotes required


Description - Handles authentication using an LDAP directory

Runtime Class - com.iwaysoftware.eclipse.template.LdapRealmProviderType



Parameter Groups

  Parameter Type Description
* LDAP Provider string Name of the Directory Provider describing the connection to the LDAP server.
  User Base Context string The base of the subtree containing users. Each user that can be authenticated must be represented by an individual entry that corresponds to an element in this DirContext. If not specified, the top level element in the directory context will be used.
  User Pattern string A pattern for the distinguished name (DN) of the user's directory entry. Use {0} to substitute the username. For example, (cn={0}). LDAP OR syntax is also supported (|(cn={0})(cn={0},o=myorg)). You can use this property instead of User Search Filter, Search User Subtree and User Base Context when the distinguished name contains the username and is otherwise the same for all users.
  Search User Subtree boolean The search scope. Set to true if you wish to search the entire subtree rooted at the User Base Context entry. The default value of false requests a single-level search including only the top level.
  User Search Filter string The LDAP filter expression to use when searching for a user's directory entry, with {0} marking where the actual username should be inserted. Use this property (along with the Search User Subtree property) instead of User Pattern to search the directory for the user's entry.
  User Password Attribute string Name of the attribute in the user's entry containing the user's password. If you specify this value, this realm will retrieve the corresponding attribute for comparison to the value specified by the user being authenticated. If you do not specify this value, this realm will attempt a simple bind to the directory using the DN of the user's entry and password specified by the user, with a successful bind being interpreted as an authenticated user.
  Role Base Context string The base directory entry for performing role searches. If not specified, the top level element in the directory context will be used.
  Search role Subtree boolean Set to true if you want to search the entire subtree of the element specified by the Role Base Context for role entries associated with the user. The default value of false causes only the top level to be searched.
  Role Search Filter string The LDAP filter expression used for performing role searches. Use {0} to substitute the distinguished name (DN) of the user, and/or {1} to substitute the username. If not specified a role search does not take place and roles are taken only from the attribute in the user's entry specified by the User Role Attribute.
  Role Attribute string The name of the attribute that contains role names in the directory entries found by a role search. In addition you can use the User Role Attribute property to specify the name of an attribute, in the user's entry, containing additional role names. If Role Attribute is not specified a role search does not take place, and roles are taken only from the user's entry.
  User Role Attribute string The name of an attribute in the user's directory entry containing zero or more values for the names of roles assigned to this user. In addition you can use the Role Attribute property to specify the name of an attribute to be retrieved from individual role entries found by searching the directory. If User Role Attribute is not specified all the roles for a user derive from the role search.
* - denotes required

Description - Kerberos realm for use with the Negotiate authentication scheme
 
Runtime Class - com.iwaysoftware.eclipse.template.KerberosRealmProviderType


 

Parameter Groups

  Parameter Type Description
  JAAS Configuration File string Location of the JAAS configuration file as a URL. The file: scheme will be used if the value is given without a scheme. This optional property overrides the login.config.url.n properties in the java.security file and the java.security.auth.login.config system property.
* Application Entry string The Application Entry in the JAAS login configuration file that will be used to login to Kerberos. This entry should configure a Kerberos login module (Krb5LoginModule).
  Service Principal Name string The name used to identify this service in Kerberos. For example, HTTP/host:port@DOMAIN. This can be left blank if the Kerberos login module declares a principal.
  Kerberos Password password Kerberos password for this Service Principal Name. This can be left blank if the Kerberos login module is using a keytab.
* - denotes required


Description - Handles authentication using a JDBC data source
 
Runtime Class - com.iwaysoftware.eclipse.template.JdbcRealmProviderType


 

Parameter Groups

  Parameter Type Description
  JNDI Factory Name string JNDI initial context factory class used to access data source. Use com.ibi.jndi.XDInitialContextFactory for an iWay JDBC provider or leave blank for JVM default.
* JNDI Name string JNDI Name for the data source this realm will use to look up security information. To use an iWay JDBC provider, enter the JNDI name as jdbc/provider name.
* Users Table string The users table must contain at least one row for every valid user that this realm should recognize. It must have at least two columns, username and password.
* User Roles Table string The user roles table must contain at least one row for zero or more security roles assigned to a user. It must have at least two columns, username and role.
* Username Column string Name of the column in the user and user roles tables that contains the user's username
* User Credential Column string Name of the column in the user table that contains the user's credentials (i.e., password)
* Role Column string Name of the column in the user roles table that contains the user's role.
* - denotes required
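
An added example (not iWay code) of the lookup that the Users Table, User Roles Table and column parameters above imply, run against an in-memory SQLite database. Configured table and column names become SQL identifiers, so they are checked against a strict pattern, while the username is always a bound parameter. The SQL shape, the identifier check and the sample rows are assumptions.

```python
import hmac
import re
import sqlite3

# Constructed configuration using the page's parameter names; values are assumptions.
CFG = {"Users Table": "users", "User Roles Table": "user_roles",
       "Username Column": "username", "User Credential Column": "password",
       "Role Column": "role"}

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def ident(name):
    """Table and column names are spliced into SQL text, so allow only plain identifiers."""
    if not _IDENT.match(name):
        raise ValueError("not a plain SQL identifier: %r" % name)
    return name

def authenticate(db, cfg, username, credential):
    """Return the user's sorted role list on success, None on failure."""
    users, roles = ident(cfg["Users Table"]), ident(cfg["User Roles Table"])
    ucol, ccol, rcol = (ident(cfg[k]) for k in
                        ("Username Column", "User Credential Column", "Role Column"))
    # The username is a bound parameter, never part of the SQL text.
    row = db.execute(f"SELECT {ccol} FROM {users} WHERE {ucol} = ?", (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0].encode(), credential.encode()):
        return None
    found = db.execute(f"SELECT {rcol} FROM {roles} WHERE {ucol} = ?", (username,))
    return sorted(r[0] for r in found)

def sample_db():
    """In-memory database with constructed rows in the two-table layout."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL);
        CREATE TABLE user_roles (username TEXT NOT NULL, role TEXT NOT NULL);
        INSERT INTO users VALUES ('alice', 'constructed-credential-1');
        INSERT INTO users VALUES ('bob', 'constructed-credential-2');
        INSERT INTO user_roles VALUES ('alice', 'admin'), ('alice', 'operator');
    """)
    return db

if __name__ == "__main__":
    db = sample_db()
    print(authenticate(db, CFG, "alice", "constructed-credential-1"))
    print(authenticate(db, CFG, "bob", "constructed-credential-2"))
```

A user with no rows in the user roles table still authenticates and receives an empty role list, which is the "zero roles" case.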


Description - Authentication realm that uses the specified JAAS application entry. Can only be used with authentication schemes that provide both username and credential.
 
Runtime Class - com.iwaysoftware.eclipse.template.JaasRealmProviderType


 

Parameter Groups

  Parameter Type Description
  JAAS Configuration File string Location of the JAAS configuration file as a URL. The file: scheme will be used if the value is given without a scheme. This optional property overrides the login.config.url.n properties in the java.security file and the java.security.auth.login.config system property.
* Application Entry string The name of the application entry from the JAAS config that should be used for authentication.
* User Principal string A successful JAAS login results in a Subject which can contain zero or more Principal objects. Specify the classname of the Principal object that applications should use to identify the authenticated user.
  Role Principal(s) string One or more Principals from the authenticated Subject that represent the user's role or roles in the application. This can be entered as a comma-delimited list.
* - denotes required


Description - Authentication realm that validates user and password using the iSM console's configuration.
 
Runtime Class - com.iwaysoftware.eclipse.template.ConsoleRealmProviderType


 

Parameter Groups

 


Description - This component will configure an Active Directory realm.
 
Runtime Class - com.iwaysoftware.eclipse.template.ADRealmProviderType


 

Parameter Groups

  Parameter Type Description
* LDAP Provider string Name of the Directory Provider describing the connection to the LDAP server.

Select from one of the following options:
  • Default {default}
  User Base Context string The base of the subtree containing users. Each user that can be authenticated must be represented by an individual entry that corresponds to an element in this DirContext. If not specified, the top level element in the directory context will be used.
  User Pattern string A pattern for the distinguished name (DN) of the user's directory entry. Use {0} to substitute the username. For example, (cn={0}). LDAP OR syntax is also supported (|(cn={0})(cn={0},o=myorg)). You can use this property instead of User Search Filter, Search User Subtree and User Base Context when the distinguished name contains the username and is otherwise the same for all users.
  Search User Subtree boolean The search scope. Set to true if you wish to search the entire subtree rooted at the User Base Context entry. The default value of false requests a single-level search including only the top level.
  User Search Filter string The LDAP filter expression to use when searching for a user's directory entry, with {0} marking where the actual username should be inserted. Use this property (along with the Search User Subtree property) instead of User Pattern to search the directory for the user's entry.
  Role Base Context string The base directory entry for performing role searches. If not specified, the top level element in the directory context will be used.
  Search role Subtree boolean Set to true if you want to search the entire subtree of the element specified by the Role Base Context for role entries associated with the user. The default value of false causes only the top level to be searched.
  Role Search Filter string The LDAP filter expression used for performing role searches. Use {0} to substitute the distinguished name (DN) of the user, and/or {1} to substitute the username. If not specified a role search does not take place and roles are taken only from the attribute in the user's entry specified by the User Role Attribute.
  Role Attribute string The name of the attribute that contains role names in the directory entries found by a role search. In addition you can use the User Role Attribute property to specify the name of an attribute, in the user's entry, containing additional role names. If Role Attribute is not specified a role search does not take place, and roles are taken only from the user's entry.
  User Role Attribute string The name of an attribute in the user's directory entry containing zero or more values for the names of roles assigned to this user. In addition you can use the Role Attribute property to specify the name of an attribute to be retrieved from individual role entries found by searching the directory. If User Role Attribute is not specified all the roles for a user derive from the role search.
* - denotes required
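
An added example (not iWay code) of how the {0} and {1} placeholders in User Search Filter and Role Search Filter, used by both the LDAP and Active Directory realms above, expand into a filter, with each value escaped per RFC 4515 so that filter metacharacters in a username are matched literally. It also reports which role sources a configuration enables under the Role Attribute and User Role Attribute rules in the tables. Plain placeholder substitution, the attribute names and the DNs are assumptions.

```python
import re

# RFC 4515 section 3: inside a filter value these characters are written
# as \XX so that they are matched literally.
_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_SPECIALS.get(ch, ch) for ch in value)

def expand(template, *values):
    """Fill {0}, {1}, ... with escaped values (plain substitution is an assumption)."""
    def fill(match):
        index = int(match.group(1))
        if index >= len(values):
            raise ValueError("template uses {%d} but %d value(s) were given"
                             % (index, len(values)))
        return escape_filter_value(values[index])
    return re.sub(r"\{(\d+)\}", fill, template)

def role_sources(cfg):
    """Which of the two role sources described in the tables a configuration enables."""
    sources = []
    # A role search takes place only when both the filter and Role Attribute are set.
    if cfg.get("Role Search Filter") and cfg.get("Role Attribute"):
        sources.append("role search")
    if cfg.get("User Role Attribute"):
        sources.append("user entry")
    return sources

# Constructed sample configuration; attribute names and DNs are assumptions.
REALM = {
    "User Search Filter": "(uid={0})",
    "Role Search Filter": "(&(objectClass=groupOfNames)(member={0}))",
    "Role Attribute": "cn",
}

if __name__ == "__main__":
    print(expand(REALM["User Search Filter"], "j*smith (ops)"))
    print(expand(REALM["Role Search Filter"],
                 "cn=jsmith,ou=people,dc=example,dc=com", "jsmith"))
    print(role_sources(REALM))
```

A configuration that sets Role Search Filter without Role Attribute, and no User Role Attribute, yields an empty list: users authenticate but receive no roles.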