Authentication against LDAPAuthenticationManager.properties -has to be set in order for the whole authentication to work AUTH_TYPE=AuthenticationManagerWEBLogon AuthenticationManager_jaas.config -file containing definitions of authentication procedures, e.g. AuthenticationManagerS3User or AuthenticationManagerJNDI and many others AuthenticationManagerWEBLogon{ Each row describes one login module, which will be triggered during user logon.There are two different types - with flag "s3user=true" and without. Login modules marked as "s3user=true" tries to authenticate VM user. Modules without such flag do other things, e.g. database logon. Names of login modules express what they will do and of course, each expect different parameters. Login Modules DBLoginModule - expects authentication info to connect to DB User name / password is taken from login dialog or SSO. You can create any combination of these modules. Control Flags There are control flags which are also described within the AuthenticationManager_jaas.config file. Flag value controls the overall behavior as authentication proceeds down the stack. The following represents a description of the valid values for flag and their respective semantics:
The overall authentication succeeds only if all Required and Requisite LoginModules succeed. If a Sufficient LoginModule is configured and succeeds, then only the Required and Requisite LoginModules prior to that Sufficient LoginModule need to have succeeded for the overall authentication to succeed. If no Required or Requisite LoginModules are configured for an application, then at least one Sufficient or Optional LoginModule must succeed. Configuration of Valuemation 1. Database login modules (e.g. DBLoginModule) must precede user login modules (e.g. S3UserLoginModule, JNDILoginModule). 2. Main database login module should have flag Requisite. 3. It is possible to use more than one user login module in one configuration. User login module must be marked as Sufficient and the last one must be marked as Required. It means, that the first user login module, which succeeds, starts Valuemation. | |||||