...
- All Realms with the same group will be checked group-wise.
- In every group there must be one Realm that can be authenticated, otherwise authentication will fail for all groups.
- The roles from the first Realm per group will be added to the roles the user is assigned.If
| A#Ldap1 |
|---|
...
| A#Ldap2 | B#Ldap1 | B#Ldap2 | result | |
|---|---|---|---|---|
| x | x | x | x | A#Ldap1, B#Ldap1 |
| x | x | x | A#Ldap1, B#Ldap1 | |
| x | x | x | A#Ldap1, B#Ldap2 | |
| x | x | x | A#Ldap1, B#Ldap1 | |
| x | x | x | A#Ldap2, B#Ldap1 | |
| x | x | fail | ||
| x | x | A#Ldap1, B#Ldap1 | ||
| x | x | A#Ldap1, B#Ldap2 | ||
| x | x | A#Ldap2, B#Ldap1 | ||
| x | x | A#Ldap2, B#Ldap2 | ||
| x | x | fail | ||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| fail |
SOSAllSuccessfulGroupStrategy
| Code Block |
|---|
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy |
Explanation
- All realms with the same group will be checked group-wise.
- In at least one group all Realms must be authenticated.
- The roles from Realms in groups where all Realms can be authenticated will be merged to the roles the user is assigned
| A#Ldap1 | A#Ldap2 | B#Ldap1 | B#Ldap2 | result |
|---|---|---|---|---|
| x | x | x | x | A#Ldap1, A#Ldap2, B#Ldap1, B#Ldap2 |
| x | x | x | B#Ldap1, B#Ldap2 | |
| x | x | x | A#Ldap1, A#Ldap2 | |
| x | x | x | A#Ldap1, A#Ldap2 | |
| x | x | x | B#Ldap1, B#Ldap2 | |
| x | x | A#Ldap1, A#Ldap2 | ||
| x | x | fail | ||
| x | x | fail | ||
| x | x | fail | ||
| x | x | fail | ||
| x | x | B#Ldap1, B#Ldap2 | ||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| fail |
SOSAllSuccessfulFirstGroupStrategy
| Code Block |
|---|
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulFirstGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy |
Explanation
- All Realms with the same group will be checked group-wise.
- In at least one group all Realms must be authenticated.
- The roles from Realms in the first group where all Realms can be authenticated will be merged with other roles the user may be assigned.
| A#Ldap1 | A#Ldap2 | B#Ldap1 | B#Ldap2 | result |
|---|---|---|---|---|
| x | x | x | x | A#Ldap1, A#Ldap2 |
| x | x | x | B#Ldap1, B#Ldap2 | |
| x | x | x | A#Ldap1, A#Ldap2 | |
| x | x | x | A#Ldap1, A#Ldap2 | |
| x | x | x | B#Ldap1, B#Ldap2 | |
| x | x | A#Ldap1, A#Ldap2 | ||
| x | x | fail | ||
| x | x | fail | ||
| x | x | fail | ||
| x | x | fail | ||
| x | x | B#Ldap1, B#Ldap2 | ||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| fail |
SOSAtLeastOneSuccessfulGroupStrategy
| Code Block |
|---|
authcStrategy = org.apache.shiro.authc.pam.SOSAtLeastOneSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy |
Explanation
- All Realms with the same group will be checked group-wise.
- At least one Realm must be authenticated in every group.
- The roles from Realms that have been authenticated will be merged with other roles the user may be assigned.
| A#Ldap1 | A#Ldap2 | B#Ldap1 | B#Ldap2 | result |
|---|---|---|---|---|
| x | x | x | x | A#Ldap1, A#Ldap2, B#Ldap1, B#Ldap2 |
| x | x | x | A#Ldap1, B#Ldap1, B#Ldap2 | |
| x | x | x | A#Ldap1, A#Ldap2, B#Ldap2 | |
| x | x | x | A#Ldap1, A#Ldap2, B#Ldap1 | |
| x | x | x | A#Ldap2, B#Ldap1, B#Ldap2 | |
| x | x | fail | ||
| x | x | A#Ldap1, B#Ldap1 | ||
| x | x | A#Ldap1, B#Ldap2 | ||
| x | x | A#Ldap2, B#Ldap1 | ||
| x | x | A#Ldap2, B#Ldap2 | ||
| x | x | fail | ||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| x | fail | |||
| fail |
SOSAllSuccessfulGroupStrategy
| Code Block |
|---|
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy |
- All realms with the same group will be checked group-wise.
- In at least one group all Realms must be authenticated.
- The roles from Realms in groups where all Realms can be authenticated will be merged to the roles the user is assigned.
Examples:
- If A#Ldap1, A#Ldap2 and B#Ldap1, B#Ldap2 can authenticate then the user will be assigned the roles a1, a2, b1, b2.
- If A#Ldap1, A#Ldap2 and B#Ldap1 can authenticate than the user will have the roles a1, a2.
- If A#Ldap2 and B#Ldap1 can authenticate then authentication will fail.
SOSAllSuccessfulFirstGroupStrategy
| Code Block |
|---|
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulFirstGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy |
- All Realms with the same group will be checked group-wise.
- In at least one group all Realms must be authenticated.
- The roles from Realms in the first group where all Realms can be authenticated will be merged with other roles the user may be assigned.
Example:
- If A#Ldap1, and B#Ldap1, B#Ldap2 can authenticate then the user will be assigned the roles b1, b2
- If A#Ldap1, A#Ldap2 and B#Ldap2 can authenticate then the user will be assigned the roles a1, a2
- If A#Ldap1 and B#Ldap2 can authenticate then authentication will fail.
SOSAtLeastOneSuccessfulGroupStrategy
| Code Block |
|---|
authcStrategy = org.apache.shiro.authc.pam.SOSAtLeastOneSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy |
- All Realms with the same group will be checked group-wise.
- At least one Realm must be authenticated in every group.
- The roles from Realms that have been authenticated will be merged with other roles the user may be assigned.
Example:
...