...

B#ldap1
roles = b1

B#ldap2
roles = b2

 

Here is an example main section for this scenario:

Code Block: Multi Group Realms
[main]
A#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
 
A#Ldap1.userDnTemplate = uid={0},dc=example,dc=com
A#Ldap1.searchBase = dc=example,dc=com
A#Ldap1.contextFactory.url = ldap://ldap.forumsys.com:389
 
A#Ldap1.groupNameAttribute = ou
A#Ldap1.userNameAttribute = uid
 
A#Ldap1.rolePermissionResolver = $rolePermissionResolver
A#Ldap1.userSearchFilter = (uniqueMember=uid=%s,dc=example,dc=com)
A#Ldap1.groupRolesMap = \
  scientists : it_operator, \
  mathematicians: all
A#Ldap1.roleAssignmentFromIni = false
 
A#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...


B#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...


B#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
 
securityManager.realms = $A#Ldap1, $A#Ldap2, $B#Ldap1, $B#Ldap2
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

 

 

Example Behavior with Different Strategies

SOSFirstSuccessfulGroupStrategy
Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSFirstSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

 

All realms with the same group will be checked group-wise.

...

  • If A#ldap1, A#ldap2 and B#ldap2 can authenticate, then the user will have the roles a1 and b2.
  • If A#ldap2 and B#ldap1 can authenticate, then authentication will fail.
SOSAllSuccessfulGroupStrategy
Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

All realms with the same group will be checked group-wise.
In at least one group all realms must be authenticated.
The roles from realms in groups where all realms can be authenticated will be merged with the roles the user has.

...

SOSAllSuccessfulFirstGroupStrategy
Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulFirstGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

All realms with the same group will be checked group-wise.
In at least one group all realms must be authenticated.
The roles from realms in the first group where all realms can be authenticated will be merged with other roles the user may have.

...

SOSAtLeastOneSuccessfulGroupStrategy
Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAtLeastOneSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

All realms with the same group will be checked group-wise.
At least one realm must authenticate in every group.
The roles from realms that have authenticated will be merged with other roles the user may have.

...
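
The following added example (not part of the original page and not the SOS implementation) models the three strategies whose rules are fully stated above, so an administrator can check which roles a given combination of successful realms would yield. It assumes the realm-to-role mapping a1, a2, b1, b2 (a2 is an assumed value) and does not model roles assigned elsewhere, such as in the ini file.

```python
# Added illustration: models the group strategies as this page describes them.
# It is not the SOS implementation. Role a2 is an assumed value.
from collections import OrderedDict

# Realm name -> role it contributes (the group is the prefix before '#').
REALM_ROLES = OrderedDict([
    ("A#ldap1", "a1"), ("A#ldap2", "a2"),   # a2 is assumed
    ("B#ldap1", "b1"), ("B#ldap2", "b2"),
])

def groups(realm_roles):
    """Group realm names by prefix, keeping configuration order."""
    out = OrderedDict()
    for name in realm_roles:
        out.setdefault(name.split("#", 1)[0], []).append(name)
    return out

def evaluate(strategy, authenticated, realm_roles=REALM_ROLES):
    """Return (login_ok, sorted roles) for the set of realms that authenticated."""
    grp = groups(realm_roles)
    ok = {g: [r for r in rs if r in authenticated] for g, rs in grp.items()}
    # Groups in which every realm authenticated, in configuration order.
    complete = [g for g, rs in grp.items() if len(ok[g]) == len(rs)]
    if strategy == "AllSuccessfulGroup":
        success = bool(complete)
        granted = [r for g in complete for r in grp[g]]
    elif strategy == "AllSuccessfulFirstGroup":
        success = bool(complete)
        granted = list(grp[complete[0]]) if complete else []
    elif strategy == "AtLeastOneSuccessfulGroup":
        success = all(ok[g] for g in grp)
        granted = [r for g in grp for r in ok[g]] if success else []
    else:
        raise ValueError("unknown strategy: " + strategy)
    return success, sorted(realm_roles[r] for r in granted)

if __name__ == "__main__":
    # Constructed sample inputs: sets of realms that accepted the credentials.
    cases = [{"A#ldap1", "A#ldap2", "B#ldap2"}, {"A#ldap2", "B#ldap1"},
             {"A#ldap1", "A#ldap2", "B#ldap1", "B#ldap2"}, {"A#ldap1"}]
    for s in ("AllSuccessfulGroup", "AllSuccessfulFirstGroup",
              "AtLeastOneSuccessfulGroup"):
        for c in cases:
            print(s, sorted(c), evaluate(s, c))
```

Comparing the same input across strategies shows how much the choice matters: a user who authenticates against only one realm per group is rejected by both "all successful" strategies but is granted roles by SOSAtLeastOneSuccessfulGroupStrategy.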