Comment: ''Realm ...Mappings' extended

...

Logical selection of realm group strategies can also be implemented. These strategies determine, for example, that an account will only be authenticated for one realm when it can also be authenticated for all the realms in that group.

Configuration

This feature is activated by inserting the following line of code in the [main] section of the Shiro ini file:

...

All realms with the same group will be checked group-wise.

In every group there must be one realm that can be authenticated.

If none of the realms in at least one group authenticate then authentication will fail for all groups.

The roles from the first realm per group will be merged to the roles the user has.

...

  • If A#ldap1, A#ldap2 and B#ldap2 can authenticate then the user will have the roles a1 and b2.
  • If A#ldap2 and B#ldap1 can authenticate then authentication will fail.

SOSAllSuccessfulGroupStrategy

...

  • If A#ldap1, A#ldap2 and B#ldap1, B#ldap2 can authenticate then the user will have the roles a1,a2,b1,b2.
  • If A#ldap1, A#ldap2 and B#ldap1 can authenticate then the user will have the roles a1,a2.
  • If A#ldap2 and B#ldap1 can authenticate then authentication will fail.

SOSAllSuccessfulFirstGroupStrategy

All realms with the same group will be checked group-wise.
In at least one group all realms must be authenticated.
The roles from realms in the first group where all realms can be authenticated will be merged with other roles the user may have.

Example:
  • If A#ldap1 and B#ldap1, B#ldap2 can authenticate then the user will have the roles b1,b2.
  • If A#ldap1, A#ldap2 and B#ldap2 can authenticate then the user will have the roles a1,a2.
  • If A#ldap1 and B#ldap2 can authenticate then authentication will fail.

SOSAtLeastOneSuccessfulGroupStrategy

All realms with the same group will be checked group-wise.
At least one realm must authenticate in every group.
The roles from realms that have authenticated will be merged with other roles the user may have.

Example:
  • If A#ldap1, B#ldap1, B#ldap2 can authenticate then the user will have the roles a1,b1,b2.
  • If B#ldap1 and B#ldap2 can authenticate then authentication will fail.
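
The following Python model is an added example, not part of the original page or of the JobScheduler or Shiro code. It evaluates the rules stated above for SOSAllSuccessfulFirstGroupStrategy and SOSAtLeastOneSuccessfulGroupStrategy so that a planned realm layout can be checked before it goes into the ini file. Assumptions: four configured realms named `<group>#<realm>` as in the examples, group A configured before group B, each realm granting the single role shown in the examples, and a return value of `None` standing for failed authentication.

```python
# Added model of the group rules described on this page; not JobScheduler or Shiro code.

# Constructed configuration (assumption): realm name "<group>#<realm>" -> roles it grants.
# Dict order stands in for the order in which the realms are configured.
REALM_ROLES = {
    "A#ldap1": {"a1"}, "A#ldap2": {"a2"},
    "B#ldap1": {"b1"}, "B#ldap2": {"b2"},
}

def group_realms(realm_roles):
    """Group realm names by the prefix before '#', keeping configuration order."""
    groups = {}
    for name in realm_roles:
        group, sep, _ = name.partition("#")
        if not sep:
            raise ValueError(f"realm {name!r} has no group prefix")
        groups.setdefault(group, []).append(name)
    return groups

def all_successful_first_group(authenticated, realm_roles=REALM_ROLES):
    """Roles of the first group whose realms all authenticated; None if no group qualifies."""
    for realms in group_realms(realm_roles).values():
        if all(r in authenticated for r in realms):
            return set().union(*(realm_roles[r] for r in realms))
    return None  # no group authenticated completely: authentication fails

def at_least_one_successful_group(authenticated, realm_roles=REALM_ROLES):
    """Roles of every authenticated realm, provided each group has at least one success."""
    roles = set()
    for realms in group_realms(realm_roles).values():
        successful = [r for r in realms if r in authenticated]
        if not successful:
            return None  # fail closed: one group without a success rejects the login
        for r in successful:
            roles |= realm_roles[r]
    return roles

if __name__ == "__main__":
    # Inputs are the sets of realms that authenticate in the examples above.
    for ok in ({"A#ldap1", "B#ldap1", "B#ldap2"}, {"A#ldap1", "B#ldap2"},
               {"B#ldap1", "B#ldap2"}):
        print(sorted(ok), all_successful_first_group(ok),
              at_least_one_successful_group(ok))
```
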