It allows you to set, in your Gateway configuration file, whatever options your LDAP JNDI
provider supports.
Examples of standard property names are:
initialContextFactory = "java.naming.factory.initial"
securityProtocol = "java.naming.security.protocol"
providerUrl = "java.naming.provider.url"
securityAuthentication = "java.naming.security.authentication"
This store implementation is both an Identity Store and a Credential Store.
Since in JOSSO the authentication of the user is left to the configured Authentication Scheme,
this store implementation cannot delegate user identity assertion by binding to the
LDAP server. For that reason it retrieves the required credentials from the directory,
leaving the authentication procedure to the configured Authentication Scheme.
The store must be supplied with the configuration parameters it needs to retrieve user
identity information.
Additional component properties include:
- securityPrincipal: the DN of the user used to bind to the LDAP server.
- securityCredential: the password of securityPrincipal, used for binding to the
LDAP server.
- securityAuthentication: the security level to be used for the LDAP server session.
Its value is one of the following strings: "none", "simple", "strong".
If not set, "simple" is used.
- usersCtxDN: the fixed distinguished name of the context to search for user accounts.
- principalUidAttributeID: the name of the attribute that contains the user login name.
This is used to locate the user.
- rolesCtxDN: the fixed distinguished name of the context to search for user roles.
- uidAttributeID: the name of the attribute that, in the object containing the user roles,
references role members. The attribute value should be the DN of the user associated with the
role. This is used to locate the user roles.
- roleAttributeID: the name of the attribute that contains the role name.
- credentialQueryString: the query string used to obtain user credentials. It should have the
following format: user_attribute_name=credential_attribute_name,...
For example:
uid=username,userPassword=password
- userPropertiesQueryString: the query string used to obtain user properties. It should have
the following format: ldap_attribute_name=user_attribute_name,...
For example:
mail=mail,cn=description
A sample LDAP Identity Store configuration:
<sso-identity-store>
<class>org.josso.gateway.identity.service.store.ldap.LDAPBindIdentityStore</class>
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
<providerUrl>ldap://localhost</providerUrl>
<securityPrincipal>cn=Manager\,dc=my-domain\,dc=com</securityPrincipal>
<securityCredential>secret</securityCredential>
<securityAuthentication>simple</securityAuthentication>
<usersCtxDN>ou=People\,dc=my-domain\,dc=com</usersCtxDN>
<principalUidAttributeID>uid</principalUidAttributeID>
<rolesCtxDN>ou=Roles\,dc=my-domain\,dc=com</rolesCtxDN>
<uidAttributeID>uniquemember</uidAttributeID>
<roleAttributeID>cn</roleAttributeID>
<credentialQueryString>uid=username\,userPassword=password</credentialQueryString>
<userPropertiesQueryString>mail=mail\,cn=description</userPropertiesQueryString>
</sso-identity-store>
A sample LDAP Credential Store configuration:
<credential-store>
<class>org.josso.gateway.identity.service.store.ldap.LDAPBindIdentityStore</class>
<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
<providerUrl>ldap://localhost</providerUrl>
<securityPrincipal>cn=Manager\,dc=my-domain\,dc=com</securityPrincipal>
<securityCredential>secret</securityCredential>
<securityAuthentication>simple</securityAuthentication>
<usersCtxDN>ou=People\,dc=my-domain\,dc=com</usersCtxDN>
<principalUidAttributeID>uid</principalUidAttributeID>
<rolesCtxDN>ou=Roles\,dc=my-domain\,dc=com</rolesCtxDN>
<uidAttributeID>uniquemember</uidAttributeID>
<roleAttributeID>cn</roleAttributeID>
<credentialQueryString>uid=username\,userPassword=password</credentialQueryString>
<userPropertiesQueryString>mail=mail\,cn=description</userPropertiesQueryString>
</credential-store>
]]>