Comment: Minor change to Introduction

...


The JOC Cockpit brings user authentication - usually against an LDAP directory - and authorization to the JobScheduler. Authentication can either take place against a Shiro compliant configuration file or an LDAP compliant directory service. The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously.

...

  • The JOC Cockpit accepts the user name and password from the login screen and
    • either tries to log in to the Active Directory service with the given credentials
    • or tries to verify the credentials from its local configuration file,
    • or checks the credentials in a Shiro compliant database.
  • The credentials are subsequently used for HTTP Authentication with each HTTP request that the JOC Cockpit sends to the JobScheduler Web Services.
    • Browsers may cache credentials during a session, i.e. they are re-used for single sign-on when opening the JOC Cockpit in a new browser tab. The credentials cache is cleared on termination of the browser.
    • This behavior might vary depending on the browser and version.

...

  • After successful authentication the JOC Cockpit will check the assignment of roles to the given user
    • either by using a configurable LDAP query that checks the user's membership in a number of Active Directory groups. An LDAP query is configured for each role; if the query finds a matching group membership, the user is assigned the respective role.
    • or by using its local configuration file that includes an assignment of users and roles.
  • The assignment of permissions to roles is configured with the local shiro.ini configuration file.
    • By default the JOC Cockpit ships with a number of predefined roles and assigned permissions, see the Matrix of Roles and Permissions below.
    • Roles can be added.
    • The assignment of permissions to roles can be changed.
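
Because roles can be added and their permissions changed in shiro.ini, it helps to review which users end up holding a given permission. The following is an added example, not code from the JOC Cockpit: it covers the local configuration file case only, reads the standard Apache Shiro `[users]` and `[roles]` sections, and uses constructed user, role and permission names rather than the shipped defaults.

```python
import configparser

# Constructed sample in Apache Shiro INI syntax. User, role and permission
# names are placeholders, not the defaults shipped with the JOC Cockpit.
SAMPLE_INI = """
[users]
alice = placeholder-password, administrator
bob = placeholder-password, operator, auditor
carol = placeholder-password, retired_role

[roles]
administrator = example:*
operator = example:job:view, example:job:start
auditor = example:audit_log:view
"""

def load(text):
    """Return ({user: [roles]}, {role: [permissions]}) from shiro.ini text."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep names case-sensitive, as written in the file
    cp.read_string(text)
    section = lambda name: cp.items(name) if cp.has_section(name) else []
    fields = lambda v: [f.strip() for f in v.split(",")]
    # In [users] the first field is the password, the rest are role names.
    users = {u: [r for r in fields(v)[1:] if r] for u, v in section("users")}
    roles = {r: [p for p in fields(v) if p] for r, v in section("roles")}
    return users, roles

def implies(granted, wanted):
    """Wildcard matching for simple colon-separated permission strings."""
    g, w = granted.split(":"), wanted.split(":")
    for i, part in enumerate(w):
        if i >= len(g):
            return True  # a shorter grant covers everything beneath it
        if g[i] != "*" and g[i] != part:
            return False
    return all(p == "*" for p in g[len(w):])

def audit(text, wanted):
    """Return (users holding `wanted`, (user, role) pairs with undefined roles)."""
    users, roles = load(text)
    allowed = sorted(u for u, rs in users.items()
                     if any(implies(p, wanted) for r in rs for p in roles.get(r, [])))
    undefined = sorted((u, r) for u, rs in users.items() for r in rs if r not in roles)
    return allowed, undefined

if __name__ == "__main__":
    print(audit(SAMPLE_INI, "example:job:start"))
```

The second return value lists users assigned a role that has no entry in `[roles]`, which is worth checking after roles are renamed or removed.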

...