Page History

...

Code Block

title	Multi Group Realms
collapse	true

[main]
A#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
 
A#Ldap1.userDnTemplate = uid={0},dc=example,dc=com
A#Ldap1.searchBase = dc=example,dc=com
A#Ldap1.contextFactory.url = ldap://ldap.forumsys.com:389
 
A#Ldap1.groupNameAttribute = ou
A#Ldap1.userNameAttribute = uid
 
A#Ldap1.rolePermissionResolver = $rolePermissionResolver
A#Ldap1.userSearchFilter = (uniqueMember=uid=%s,dc=example,dc=com)
A#Ldap1.groupRolesMap = \
  scientists : r1, \
  mathematicians: r2
A#Ldap1.roleAssignmentFromIni = false
 
A#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...

B#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...

B#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
 
authcStrategy = org.apache.shiro.authc.pam.SOSFirstSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.realms = $A#Ldap1,$A#Ldap2,$B#Ldap1,$B#Ldap2
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

...

Find a number of examples for the behavior with different strategies from the following chapters.

SOSFirstSuccessfulGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSFirstSuccessfulGroupStrategy securityManager.authenticator.authenticationStrategy = $authcStrategy

...

A#Ldap1	A#Ldap2	B#Ldap1	B#Ldap2	Resulting Role Assignments
x	x	x	x	A#Ldap1, B#Ldap1
x		x	x	A#Ldap1, B#Ldap1
x	x		x	A#Ldap1, B#Ldap2
x	x	x		A#Ldap1, B#Ldap1
	x	x	x	A#Ldap2, B#Ldap1
x	x			fail
x		x		A#Ldap1, B#Ldap1
x			x	A#Ldap1, B#Ldap2
	x	x		A#Ldap2, B#Ldap1
	x		x	A#Ldap2, B#Ldap2
		x	x	fail
x				fail
	x			fail
		x		fail
			x	fail
				fail

SOSAllSuccessfulGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulGroupStrategy securityManager.authenticator.authenticationStrategy = $authcStrategy

...

A#Ldap1	A#Ldap2	B#Ldap1	B#Ldap2	Resulting Role Assignments
x	x	x	x	A#Ldap1, A#Ldap2, B#Ldap1, B#Ldap2
x		x	x	B#Ldap1, B#Ldap2
x	x		x	A#Ldap1, A#Ldap2
x	x	x		A#Ldap1, A#Ldap2
	x	x	x	B#Ldap1, B#Ldap2
x	x			A#Ldap1, A#Ldap2
x		x		fail
x			x	fail
	x	x		fail
	x		x	fail
		x	x	B#Ldap1, B#Ldap2
x				fail
	x			fail
		x		fail
			x	fail
				fail

SOSAllSuccessfulFirstGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulFirstGroupStrategy securityManager.authenticator.authenticationStrategy = $authcStrategy

...

A#Ldap1	A#Ldap2	B#Ldap1	B#Ldap2	Resulting Role Assignments
x	x	x	x	A#Ldap1, A#Ldap2
x		x	x	B#Ldap1, B#Ldap2
x	x		x	A#Ldap1, A#Ldap2
x	x	x		A#Ldap1, A#Ldap2
	x	x	x	B#Ldap1, B#Ldap2
x	x			A#Ldap1, A#Ldap2
x		x		fail
x			x	fail
	x	x		fail
	x		x	fail
		x	x	B#Ldap1, B#Ldap2
x				fail
	x			fail
		x		fail
			x	fail
				fail

SOSAtLeastOneSuccessfulGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAtLeastOneSuccessfulGroupStrategy securityManager.authenticator.authenticationStrategy = $authcStrategy

...

Space shortcuts

Page tree

Versions Compared

Old Version 33

New Version 34

Key

SOSFirstSuccessfulGroupStrategy

SOSAllSuccessfulGroupStrategy

SOSAllSuccessfulFirstGroupStrategy

SOSAtLeastOneSuccessfulGroupStrategy