For further information see: https://kb.sos-berlin.com/x/h4bt [users] administrator = $shiro1$SHA-512$500000$BZASvbCtiECiM9kwjqI1ow==$IKfbskqi5VGUm/Ysr0BFS8fMYQQcV78GIDcbV2N1T9Q1os99oVXWd7RZWzWbnqY3OZAjd4EFtbwhTVvxZS++aw==,administrator api_user = $shiro1$SHA-512$500000$ZACYLMkDOsIO0aEtznZyig==$md8wSi3b+VTwepBM9fcLoAW6OLfwRpYvlkgm/bHCs7tIri331L4taf1AK3wGYUBreFkNM8vFgWDLdidlppLB4w==,api_user application_manager = $shiro1$SHA-512$500000$JELbPBXwYbItkAEkW1bI+A==$JFDIkrjyA/kRrg9cJSESokisYX25HH5fJCW/MAXOAoPHYY0kFJZRrDtRlMA2MwzcofMMIgIwy+SEHF6nQXTZMA==,application_manager business_user = $shiro1$SHA-512$500000$75St1KFDgHLxonvHF3X2kQ==$59fl1CMUUyS3qRHbfgLCAeS/nLQqxsXB3jiKT29WIr0q9wmdGC+Vgqs20X3QqKJew1vvJRI/2RnvEqYF6pnpsw==,business_user incident_manager = $shiro1$SHA-512$500000$/DVMuadHBMqkAWiSIhyXrA==$brIx90gKCzvz6BTW+nSeBeewZUDCG26RElTAegYWYhmJwCRAAZM4q0PMk5Y+k/wLT7TTKqm6PGJWNzBbrlAObA==,incident_manager it_operator = $shiro1$SHA-512$500000$PqETLFA6uhYwtx/1+wLJzg==$PRe/axzjoeCbt/a68wxoHL1e/YrkY+KKTdn5LxJYjIlaUtDtdRpssGTz6z/vxAK+wyo9IT1aZpuwvBVGLQreNA==,it_operator root = $shiro1$SHA-512$500000$W0oNBkZY9LRrRIGyc4z2Ug==$NcoU+ZFM9vsM0MeHJ3P5NJ0NdvJrK38qVnl7v7YG7p9o5ZJfMccugJsA9myJsTNx2BF5rbvA696UhTGdUtSnOg==,all ITE\MKL = ,all ITE\KBO = ,all [roles] #Permissions are assigned to roles with a comma separated list of permissions. Permissions may have * as a wildcard. all = sos:products administrator = sos:products:joc_cockpit:jobscheduler_master:view, \ sos:products:joc_cockpit:jobscheduler_master:execute:pause, \ sos:products:joc_cockpit:jobscheduler_master:execute:continue, \ sos:products:joc_cockpit:jobscheduler_master:execute:restart, \ sos:products:joc_cockpit:jobscheduler_master:execute:terminate, \ sos:products:joc_cockpit:jobscheduler_master:execute:abort, \ sos:products:joc_cockpit:jobscheduler_master:administration:edit_permissions, \ sos:products:joc_cockpit:jobscheduler_master:administration:remove_old_instances, \ sos:products:joc_cockpit:jobscheduler_master_cluster, \ sos:products:joc_cockpit:jobscheduler_universal_agent application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \ sos:products:joc_cockpit:jobscheduler_master:execute:pause, \ sos:products:joc_cockpit:jobscheduler_master:execute:continue, \ sos:products:joc_cockpit:jobscheduler_master:administration:manage_categories, \ sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \ sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \ sos:products:joc_cockpit:daily_plan:view:status, \ sos:products:joc_cockpit:history:view, \ sos:products:joc_cockpit:order, \ sos:products:joc_cockpit:job_chain, \ sos:products:joc_cockpit:job, \ sos:products:joc_cockpit:process_class, \ sos:products:joc_cockpit:schedule, \ sos:products:joc_cockpit:lock, \ sos:products:joc_cockpit:event, \ sos:products:joc_cockpit:event_action, \ sos:products:joc_cockpit:holiday_calendar:view:status, \ sos:products:joc_cockpit:maintenance_window:view, \ sos:products:joc_cockpit:maintenance_window:enable_disable_maintenance_window, \ sos:products:joc_cockpit:audit_log:view:status, \ sos:products:joc_cockpit:customization:share it_operator = sos:products:joc_cockpit:jobscheduler_master:view, \ sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \ sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \ sos:products:joc_cockpit:daily_plan:view:status, \ sos:products:joc_cockpit:history:view, \ sos:products:joc_cockpit:order, \ sos:products:joc_cockpit:job_chain, \ sos:products:joc_cockpit:job, \ sos:products:joc_cockpit:process_class, \ sos:products:joc_cockpit:schedule, \ sos:products:joc_cockpit:lock, \ sos:products:joc_cockpit:event, \ sos:products:joc_cockpit:event_action, \ sos:products:joc_cockpit:holiday_calendar:view:status, \ sos:products:joc_cockpit:maintenance_window:view, \ sos:products:joc_cockpit:audit_log:view:status, \ sos:products:joc_cockpit:customization:share:view incident_manager = sos:products:joc_cockpit:jobscheduler_master:view, \ sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \ sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \ sos:products:joc_cockpit:daily_plan:view:status, \ sos:products:joc_cockpit:history:view, \ sos:products:joc_cockpit:order:view, \ sos:products:joc_cockpit:order:remove_setback, \ sos:products:joc_cockpit:job_chain:view, \ sos:products:joc_cockpit:job:view, \ sos:products:joc_cockpit:process_class:view, \ sos:products:joc_cockpit:schedule:view, \ sos:products:joc_cockpit:lock:view, \ sos:products:joc_cockpit:event:view, \ sos:products:joc_cockpit:event_action:view, \ sos:products:joc_cockpit:holiday_calendar:view:status, \ sos:products:joc_cockpit:maintenance_window:view, \ sos:products:joc_cockpit:audit_log:view:status, \ sos:products:joc_cockpit:customization:share:view business_user = sos:products:joc_cockpit:jobscheduler_master:view:status, \ sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \ sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \ sos:products:joc_cockpit:daily_plan:view:status, \ sos:products:joc_cockpit:history:view, \ sos:products:joc_cockpit:order:view:status, \ sos:products:joc_cockpit:order:view:order_log, \ sos:products:joc_cockpit:job_chain:view:status, \ sos:products:joc_cockpit:job_chain:view:history, \ sos:products:joc_cockpit:job:view:status, \ sos:products:joc_cockpit:job:view:history, \ sos:products:joc_cockpit:job:view:task_log, \ sos:products:joc_cockpit:process_class:view:status, \ sos:products:joc_cockpit:schedule:view:status, \ sos:products:joc_cockpit:lock:view:status, \ sos:products:joc_cockpit:holiday_calendar:view:status, \ sos:products:joc_cockpit:maintenance_window:view:status, \ sos:products:joc_cockpit:audit_log:view:status, \ sos:products:joc_cockpit:customization:share:view api_user = sos:products:commands:jobscheduler_master:view:status, \ sos:products:commands:history:view, \ sos:products:commands:order, \ sos:products:commands:job_chain, \ sos:products:commands:job, \ -sos:products:commands:job:view:configuration, \ -sos:products:commands:job_chain:view:configuration, \ -sos:products:commands:order:view:configuration, \ -sos:products:commands:order:remove_setback, \ sos:products:commands:process_class:view:status, \ sos:products:commands:schedule:view:status, \ sos:products:commands:lock:view:status, \ sos:products:commands:holiday_calendar:view:status, \ sos:products:commands:maintenance_window:view:status [main] rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter rolePermissionResolver.ini = $iniRealm # 1. Realm for Domain ite.local # ------------------------------- ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm ldapRealm.contextFactory.url = ldap://ite.local:389 # users can login with ITE\account and account@ite.local where the account maps to the sAMAccountName ldapRealm.userDnTemplate = {0} ldapRealm.rolePermissionResolver = $rolePermissionResolver # ------------------------------- # 2. Realm for 2nd Domain domain.local # ------------------------------- ldapRealm2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm ldapRealm2.contextFactory.url = ldap://domain.local:389 # users can login with domain\account and account@domain.local where the account maps to the sAMAccountName ldapRealm2.userDnTemplate = {0} ldapRealm2.rolePermissionResolver = $rolePermissionResolver # ------------------------------- # Authentication via domains ite.local, domain.local and via shiro.ini [users] section securityManager.realms = $ldapRealm, $ldapRealm2, $iniRealm passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher iniRealm.credentialsMatcher = $passwordMatcher cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager securityManager.cacheManager = $cacheManager # Session timeout in milliseconds securityManager.sessionManager.globalSessionTimeout = 1800000