...
B#ldap1
roles = b1
B#ldap2
roles = b2
Here is an example main section for this scenario:
[main]
A#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
A#Ldap1.userDnTemplate = uid={0},dc=example,dc=com
A#Ldap1.searchBase = dc=example,dc=com
A#Ldap1.contextFactory.url = ldap://ldap.forumsys.com:389
A#Ldap1.groupNameAttribute = ou
A#Ldap1.userNameAttribute = uid
A#Ldap1.rolePermissionResolver = $rolePermissionResolver
A#Ldap1.userSearchFilter = (uniqueMember=uid=%s,dc=example,dc=com)
A#Ldap1.groupRolesMap = \
scientists : it_operator, \
mathematicians: all
A#Ldap1.roleAssignmentFromIni = false
A#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...
B#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...
B#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
# Register all four realms defined above
securityManager.realms = $A#Ldap1, $A#Ldap2, $B#Ldap1, $B#Ldap2
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
Example Behavior with Different Strategies
SOSFirstSuccessfulGroupStrategy
authcStrategy = org.apache.shiro.authc.pam.SOSFirstSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
All realms with the same group will be checked group-wise.
...
- If A#ldap1, A#ldap2 and B#ldap2 can authenticate, then the user will have the roles a1 and b2.
- If A#ldap2 and B#ldap1 can authenticate, then authentication will fail.
SOSAllSuccessfulGroupStrategy
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
All realms with the same group will be checked group-wise.
In at least one group all realms must be authenticated.
The roles from realms in groups where all realms can be authenticated will be merged to the roles the user has.
...
SOSAllSuccessfulFirstGroupStrategy
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulFirstGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
All realms with the same group will be checked group-wise.
In at least one group all realms must be authenticated.
The roles from realms in the first group where all realms can be authenticated will be merged with other roles the user may have.
...
SOSAtLeastOneSuccessfulGroupStrategy
authcStrategy = org.apache.shiro.authc.pam.SOSAtLeastOneSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
All realms with the same group will be checked group-wise.
At least one realm must be authenticated in every group.
The roles from realms that have authenticated will be merged with other roles the user may have.
...
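To check which roles a given set of LDAP outcomes produces before changing `authcStrategy`, the following added example (not SOS or Shiro code) models the three strategies whose rules are stated in full above; SOSFirstSuccessfulGroupStrategy is left out because its rule is elided on this page. The function names are hypothetical, and the roles a1 and a2 for group A are assumed by analogy with b1 and b2.

```python
# Added model of the group strategies as this page words them; not SOS code.
# Realm names use the page's "<group>#<realm>" form. Roles a1/a2 for group A
# are assumed (the page shows only b1 and b2 explicitly).
REALM_ROLES = {"A#ldap1": "a1", "A#ldap2": "a2", "B#ldap1": "b1", "B#ldap2": "b2"}
REALMS = list(REALM_ROLES)  # configured order, as in securityManager.realms

def by_group(realms):
    """Map group prefix -> member realms, keeping configured order."""
    out = {}
    for name in realms:
        out.setdefault(name.split("#", 1)[0], []).append(name)
    return out

def complete_groups(realms, ok):
    """Member lists of the groups in which every realm authenticated."""
    return [m for m in by_group(realms).values() if all(r in ok for r in m)]

def all_successful_group(ok, realms=REALMS):
    """Roles of every fully authenticated group; None means login fails."""
    done = complete_groups(realms, ok)
    return {REALM_ROLES[r] for m in done for r in m} if done else None

def all_successful_first_group(ok, realms=REALMS):
    """Roles of the first fully authenticated group only."""
    done = complete_groups(realms, ok)
    return {REALM_ROLES[r] for r in done[0]} if done else None

def at_least_one_successful_group(ok, realms=REALMS):
    """Every group needs one success; roles come from the realms that succeeded."""
    if not all(any(r in ok for r in m) for m in by_group(realms).values()):
        return None
    return {REALM_ROLES[r] for r in realms if r in ok}

if __name__ == "__main__":
    # Constructed outcomes: the set of realms that accepted the credentials.
    for ok in ({"A#ldap1", "A#ldap2", "B#ldap2"}, {"A#ldap2", "B#ldap1"}, set(REALMS)):
        print(sorted(ok))
        for fn in (all_successful_group, all_successful_first_group,
                   at_least_one_successful_group):
            roles = fn(ok)
            print(f"  {fn.__name__}: {sorted(roles) if roles else 'authentication fails'}")
```

With the same LDAP outcomes, the at-least-one strategy grants roles from partially authenticated groups that the all-successful strategies withhold, which is the difference to review when choosing a strategy for least privilege.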