Differences

This shows you the differences between two versions of the page.

--- devel:documentation:security:dev:authentication [2019/02/27 15:47]
kotisovam [Password change & old password] this whole part moved to admin guide section (Password)
+++ devel:documentation:security:dev:authentication [2020/06/24 06:09]
kopro [Actual list of authenticators] change image position
@@ Line 43: / Line 43: @@
 === DefaultAccAuthenticator ===
+<note important>This authenticator is from version 10.4.0 deprecated. Please use DefaultAccMultipleSystemAuthenticator. The configuration properties will be removed.</note>
 [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccAuthenticator.java|DefaultAccAuthenticator]] checks the [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-api/src/main/java/eu/bcvsolutions/idm/core/security/api/dto/LoginDto.java|LoginDto]] against an end system. Users use their internal IdM login and their password from the end system.
@@ Line 53: / Line 55: @@
 First, the authenticator tries to find an end system with given UUID. If such system doesn't exist, the authentication returns NULL. Otherwise, the authenticator finds the mapped attribute of the system which is marked as ''Authentication attr.''.
 {{:navrh:01.png|}}
@@ Line 70: / Line 73: @@
+=== DefaultAccMultipleSystemAuthenticator ===
+Since 10.4.0.
+[[https://github.com/bcvsolutions/CzechIdMng/blob/okopr/2046-authentication-against-multiple-systems/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccMultipleSystemAuthenticator.java|DefaultAccMultipleSystemAuthenticator]] has same behavior as [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/security/authentication/impl/DefaultAccAuthenticator.java|DefaultAccAuthenticator]] but is allowed more system for authentication than one. Authenticator is placed between **DefaultAccAuthenticator** and **DefaultCoreAuthenticator**, more priority has original authenticator **DefaultAccAuthenticator**.
+<note tip>All behavior with authentication is same as original **DefaultAccAuthenticator**. The original authenticator is now deprecated. Please use the newer.</note>
+The end systems are defined with configuration properties. For example:
+<code>
+idm.sec.acc.security.auth.order1.system=e6a8b1e7-d656-47ae-aa2d-1062d1583c1a
+idm.sec.acc.security.auth.order2.system=ea86a399-9b26-4f75-9b3a-d3f0049031ef
+idm.sec.acc.security.auth.order3.system=
+idm.sec.acc.security.auth.order4.system=
+idm.sec.acc.security.auth.order5.system=SystemAD - User
+idm.sec.acc.security.auth.order6.system=
+idm.sec.acc.security.auth.order7.system=e6a8b1e7-d656-47ae-aa2d-1062d1583c1a
+idm.sec.acc.security.auth.order8.system=
+idm.sec.acc.security.auth.order9.system=LDAP User 2
+</code>
+Authentication is done from lowest order to highest. Maximum order is defined with the configuration property (default count is 50):
+<code>
+idm.sec.acc.security.auth.maximumSystemCount=50
+</code>
+Configuration property can be null or empty. **These configurations will be skipped**.