Element | Description | Class |
---|---|---|
ldap-bind-store | LDAP-backed Identity and Credential Store (description and samples below) | org.josso.gateway.identity.service.store.ldap.LDAPBindIdentityStore |
ldap-store | LDAP-backed Identity and Credential Store (description and samples below) | org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore |

**ldap-bind-store** (class `org.josso.gateway.identity.service.store.ldap.LDAPBindIdentityStore`)

An implementation of an Identity and Credential Store which obtains credential, user and role information from an LDAP server using JNDI, based on the configuration properties. It lets you set, in your Gateway configuration file, whatever options your LDAP JNDI provider supports. Examples of standard property names are:

This store implementation is both an Identity Store and a Credential Store. Since in JOSSO the authentication of the user is left to the configured Authentication Scheme, this store implementation cannot delegate user identity assertion by binding to the LDAP server. For that reason it retrieves the required credentials from the directory, leaving the authentication procedure to the configured Authentication Scheme. The store must be supplied with the configuration parameters so that it can retrieve user identity information.

Additional component properties include:

A sample LDAP Identity Store configuration:

```xml
<sso-identity-store>
  <class>org.josso.gateway.identity.service.store.ldap.LDAPBindIdentityStore</class>
  <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
  <providerUrl>ldap://localhost</providerUrl>
  <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
  <securityCredential>secret</securityCredential>
  <securityAuthentication>simple</securityAuthentication>
  <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
  <principalUidAttributeID>uid</principalUidAttributeID>
  <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
  <uidAttributeID>uniquemember</uidAttributeID>
  <roleAttributeID>cn</roleAttributeID>
  <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
  <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
</sso-identity-store>
```

A sample LDAP Credential Store configuration:

```xml
<credential-store>
  <class>org.josso.gateway.identity.service.store.ldap.LDAPBindIdentityStore</class>
  <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
  <providerUrl>ldap://localhost</providerUrl>
  <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
  <securityCredential>secret</securityCredential>
  <securityAuthentication>simple</securityAuthentication>
  <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
  <principalUidAttributeID>uid</principalUidAttributeID>
  <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
  <uidAttributeID>uniquemember</uidAttributeID>
  <roleAttributeID>cn</roleAttributeID>
  <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
  <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
</credential-store>
```

**ldap-store** (class `org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore`)

An implementation of an Identity and Credential Store which obtains credential, user and role information from an LDAP server using JNDI, based on the configuration properties. It lets you set, in your Gateway configuration file, whatever options your LDAP JNDI provider supports. Examples of standard property names are:

This store implementation is both an Identity Store and a Credential Store. Since in JOSSO the authentication of the user is left to the configured Authentication Scheme, this store implementation cannot delegate user identity assertion by binding to the LDAP server. For that reason it retrieves the required credentials from the directory, leaving the authentication procedure to the configured Authentication Scheme. The store must be supplied with the configuration parameters so that it can retrieve user identity information.

Additional component properties include:

A sample LDAP Identity Store configuration:

```xml
<sso-identity-store>
  <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
  <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
  <providerUrl>ldap://localhost</providerUrl>
  <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
  <securityCredential>secret</securityCredential>
  <securityAuthentication>simple</securityAuthentication>
  <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
  <principalUidAttributeID>uid</principalUidAttributeID>
  <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
  <uidAttributeID>uniquemember</uidAttributeID>
  <roleMatchingMode>UDN</roleMatchingMode>
  <roleAttributeID>cn</roleAttributeID>
  <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
  <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
  <ldapSearchScope>SUBTREE</ldapSearchScope>
</sso-identity-store>
```

A sample LDAP Credential Store configuration:

```xml
<credential-store>
  <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
  <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
  <providerUrl>ldap://localhost</providerUrl>
  <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
  <securityCredential>secret</securityCredential>
  <securityAuthentication>simple</securityAuthentication>
  <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
  <principalUidAttributeID>uid</principalUidAttributeID>
  <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
  <uidAttributeID>uniquemember</uidAttributeID>
  <roleAttributeID>cn</roleAttributeID>
  <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
  <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
</credential-store>
```
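The following is an added example, not JOSSO's own code, showing how the properties in the samples above (usersCtxDN, principalUidAttributeID, rolesCtxDN, uidAttributeID, roleAttributeID, credentialQueryString, userPropertiesQueryString) can drive the directory lookups the description talks about: the user entry is found, its credential and property attributes are read out and renamed per the query strings (no bind is attempted, exactly as the text says), and roles are found as entries whose `uniquemember` holds the user's DN. The search shapes, the in-memory directory and the entries in it are assumptions constructed for this example; the page does not show how LDAPIdentityStore or LDAPBindIdentityStore build their filters. The example also applies RFC 4515 filter escaping to the caller-supplied username, so that a username containing filter metacharacters cannot change the filter's structure.

```python
"""Added example (not JOSSO code): configuration-driven LDAP identity/credential lookup.

Assumptions not stated on the page: the user is found with an equality filter on
principalUidAttributeID under usersCtxDN; the LDAP attributes on the left-hand side
of credentialQueryString / userPropertiesQueryString are read from that entry and
renamed to the right-hand names; roles are entries under rolesCtxDN whose
uidAttributeID (uniquemember) contains the user's DN (roleMatchingMode UDN).
The directory below is an in-memory stand-in so the example runs offline."""
import re
from typing import Dict, List, Optional, Tuple

# Subset of the page's sample <sso-identity-store> configuration, as a plain dict.
CONFIG = {
    "usersCtxDN": "ou=People,dc=my-domain,dc=com",
    "principalUidAttributeID": "uid",
    "rolesCtxDN": "ou=Roles,dc=my-domain,dc=com",
    "uidAttributeID": "uniquemember",
    "roleAttributeID": "cn",
    "credentialQueryString": "uid=username,userPassword=password",
    "userPropertiesQueryString": "mail=mail,cn=description",
}

# Constructed in-memory directory (DN -> attributes) standing in for the LDAP server.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "uid=jdoe,ou=People,dc=my-domain,dc=com": {
        "uid": ["jdoe"],
        "userPassword": ["{SSHA}constructed-hash-value"],
        "mail": ["jdoe@example.test"],
        "cn": ["John Doe"],
    },
    "cn=admins,ou=Roles,dc=my-domain,dc=com": {
        "cn": ["admins"],
        "uniquemember": ["uid=jdoe,ou=People,dc=my-domain,dc=com"],
    },
    "cn=staff,ou=Roles,dc=my-domain,dc=com": {
        "cn": ["staff"],
        "uniquemember": ["uid=jdoe,ou=People,dc=my-domain,dc=com",
                         "uid=asmith,ou=People,dc=my-domain,dc=com"],
    },
}


def parse_query_string(spec: str) -> Dict[str, str]:
    """'ldapAttr=name,ldapAttr2=name2' -> {'ldapAttr': 'name', 'ldapAttr2': 'name2'}."""
    mapping: Dict[str, str] = {}
    for pair in spec.split(","):
        ldap_attr, name = pair.split("=", 1)
        mapping[ldap_attr.strip()] = name.strip()
    return mapping


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: caller-supplied text can never alter the filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def user_search_filter(cfg: Dict[str, str], username: str) -> str:
    return "(%s=%s)" % (cfg["principalUidAttributeID"], escape_filter_value(username))


def roles_search_filter(cfg: Dict[str, str], user_dn: str) -> str:
    return "(%s=%s)" % (cfg["uidAttributeID"], escape_filter_value(user_dn))


def _matches(filter_str: str, attrs: Dict[str, List[str]]) -> bool:
    """Evaluate one '(attr=pattern)' filter the way a server would: an unescaped
    '*' is a wildcard, a backslash-hex escape is a literal character."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str)
    if m is None:
        return False
    attr, pattern = m.group(1), m.group(2)

    def unescape(s: str) -> str:
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), s)

    regex = ".*".join(re.escape(unescape(part)) for part in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in attrs.get(attr, []))


def search(base_dn: str, filter_str: str) -> List[str]:
    """Subtree-search stand-in: DNs below base_dn whose entry matches the filter."""
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith("," + base_dn.lower()) and _matches(filter_str, attrs)]


def lookup_user(cfg: Dict[str, str], username: str) -> Optional[Tuple[str, Dict[str, str], Dict[str, str]]]:
    """Return (dn, credentials, properties), or None unless exactly one entry matches.
    Credentials are read from the entry rather than verified by binding, which is how
    the page describes this store; checking them is left to the Authentication Scheme."""
    hits = search(cfg["usersCtxDN"], user_search_filter(cfg, username))
    if len(hits) != 1:  # unknown user or ambiguous match: refuse rather than guess
        return None
    dn, entry = hits[0], DIRECTORY[hits[0]]
    creds = {name: entry[attr][0]
             for attr, name in parse_query_string(cfg["credentialQueryString"]).items() if attr in entry}
    props = {name: entry[attr][0]
             for attr, name in parse_query_string(cfg["userPropertiesQueryString"]).items() if attr in entry}
    return dn, creds, props


def lookup_roles(cfg: Dict[str, str], user_dn: str) -> List[str]:
    """Values of roleAttributeID for the role entries under rolesCtxDN that list user_dn."""
    hits = search(cfg["rolesCtxDN"], roles_search_filter(cfg, user_dn))
    return sorted(DIRECTORY[dn][cfg["roleAttributeID"]][0] for dn in hits)


if __name__ == "__main__":
    found = lookup_user(CONFIG, "jdoe")
    print(found)
    print(lookup_roles(CONFIG, found[0]))
    print(lookup_user(CONFIG, "jdoe)(uid=*"))  # escaped, so it matches nothing
```

The contrast worth noting is between `search(CONFIG["usersCtxDN"], "(uid=*)")`, where a raw asterisk is a wildcard and returns every user, and `lookup_user(CONFIG, "*")`, where the same character arrives as user input, is escaped to `\2a`, and matches nothing. A real deployment would issue these searches through JNDI against the providerUrl in the configuration, with the securityPrincipal account needing read access to the attributes named in credentialQueryString.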
Attributes of `ldap-bind-store` and `ldap-store` (both elements accept the same set):

Attribute | Type | Description |
---|---|---|
credentialQueryString | xs:string | |
enableStartTls | xs:boolean | |
initialContextFactory | xs:string | Configuration Properties |
ldapSearchScope | xs:string | |
principalLookupAttributeID | xs:string | |
principalUidAttributeID | xs:string | |
providerUrl | xs:string | |
roleAttributeID | xs:string | |
roleMatchingMode | xs:string | |
rolesCtxDN | xs:string | |
securityAuthentication | xs:string | |
securityCredential | xs:string | |
securityPrincipal | xs:string | |
securityProtocol | xs:string | |
trustStore | xs:string | |
trustStorePassword | xs:string | |
uidAttributeID | xs:string | |
updateableCredentialAttribute | xs:string | |
useBindCredentials | xs:boolean | |
userCertificateAtrributeID | xs:string | |
userPropertiesQueryString | xs:string | |
usersCtxDN | xs:string | |