Versions Compared

Comment: 'Multi-Realm' added to 'Intro'

...

The JOC Cockpit brings user authentication and authorization to the JobScheduler.

Authentication can either take place against an Apache Shiro™ compliant configuration, an LDAP compliant directory service or information stored in a database. Authentication against multiple realms is possible.

Authorization is defined in Roles and Permissions and an example set of Roles and Permissions is provided with the JOC Cockpit installation. System administrators are able to define their own User Roles and Permission sets as required.

The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously. It also includes an editor in the Manage Accounts view for the configuration of authentication and authorization.

...

JOC Cockpit Clusters

Multiple instances of the JOC Cockpit can be synchronized to provide a high availability cluster. (This feature is available with Release 1.12.1 and newer.)

To enable clustering of the JOC Cockpit:

...

  • sessionDAO = com.sos.auth.shiro.SOSDistributedSessionDAO
    securityManager.sessionManager.sessionDAO = $sessionDAO
  • This can be done most easily using the Enable JOC Cluster button in the Manage Accounts / Main Section tab.

, active, cluster that is transparent to the user. Cluster members then share Authentication and Authorization information.

A more detailed description of JOC Cockpit clusters can be found in the JOC Cockpit - Clustering article

...

.
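As an added example (not part of the JOC Cockpit documentation or the vendor's code), the following Python check reads the shiro.ini text of each cluster member and reports members whose session DAO binding differs from the two cluster settings shown above. The instance names and sample configurations are constructed; placing the settings in the [main] section and checking that the object is defined before it is referenced follow Apache Shiro's INI format.

```python
import configparser

# Both values below are the cluster settings quoted on this page.
CLUSTER_DAO = "com.sos.auth.shiro.SOSDistributedSessionDAO"
DAO_PROPERTY = "securityManager.sessionManager.sessionDAO"

def main_section(ini_text):
    """Parse shiro.ini text and return [main] as an ordered, case-sensitive dict."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep property names exactly as written
    cp.read_string(ini_text)
    return dict(cp["main"]) if cp.has_section("main") else {}

def cluster_findings(ini_text):
    """Return problems with the session DAO binding; an empty list means it is in place."""
    main = main_section(ini_text)
    bound = main.get(DAO_PROPERTY)
    if bound is None:
        return [f"{DAO_PROPERTY} is not set"]
    if not bound.startswith("$"):
        return [f"{DAO_PROPERTY} = {bound} is not a $reference to an object"]
    name = bound[1:]
    if name not in main:
        return [f"${name} is referenced but not defined in [main]"]
    findings = []
    if main[name] != CLUSTER_DAO:
        findings.append(f"{name} = {main[name]}, expected {CLUSTER_DAO}")
    keys = list(main)  # Shiro reads [main] top to bottom, so order matters
    if keys.index(name) > keys.index(DAO_PROPERTY):
        findings.append(f"{name} is defined after the line that references it")
    return findings

def audit(instances):
    """Map instance name -> findings, listing only instances that have findings."""
    report = {n: cluster_findings(t) for n, t in instances.items()}
    return {n: f for n, f in report.items() if f}

# Constructed sample configurations for three hypothetical JOC Cockpit instances.
SAMPLES = {
    "joc-1": "[main]\nsessionDAO = " + CLUSTER_DAO + "\n" + DAO_PROPERTY + " = $sessionDAO\n",
    "joc-2": "[main]\nsessionDAO = org.apache.shiro.session.mgt.eis.MemorySessionDAO\n"
             + DAO_PROPERTY + " = $sessionDAO\n",
    "joc-3": "[main]\nsecurityManager.sessionManager.globalSessionTimeout = 900000\n",
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLES).items():
        print(name, findings)
```
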

Implementation

  • The JOC Cockpit uses Apache Shiro to authenticate and authorize users.
  • Authentication and Authorization information can be read by Shiro from a number of separate resources. These are:
    • a local configuration (shiro.ini) file that may include both authentication and authorization information, depending on the methods of authentication and authorization configured;
    • an authentication service that provides an LDAP interface such as Microsoft Active Directory; and
    • a database containing both authentication and authorization information and which complies with the Shiro data model requirements. This database will be managed (and populated) by a system administrator.

...