Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titleMulti Group Realms
collapsetrue
[main]
A#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
 
A#Ldap1.userDnTemplate = uid={0},dc=example,dc=com
A#Ldap1.searchBase = dc=example,dc=com
A#Ldap1.contextFactory.url = ldap://ldap.forumsys.com:389
 
A#Ldap1.groupNameAttribute = ou
A#Ldap1.userNameAttribute = uid
 
A#Ldap1.rolePermissionResolver = $rolePermissionResolver
A#Ldap1.userSearchFilter = (uniqueMember=uid=%s,dc=example,dc=com)
A#Ldap1.groupRolesMap = \
  scientists : r1, \
  mathematicians: r2
A#Ldap1.roleAssignmentFromIni = false
 
A#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...

B#Ldap1 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...

B#Ldap2 = com.sos.auth.shiro.SOSLdapAuthorizingRealm
...

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
 
authcStrategy = org.apache.shiro.authc.pam.SOSFirstSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.realms = $A#Ldap1,$A#Ldap2,$B#Ldap1,$B#Ldap2
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

...


Find a number of examples for the behavior with different strategies from the following chapters.

SOSFirstSuccessfulGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSFirstSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

...

A#Ldap1A#Ldap2B#Ldap1B#Ldap2Resulting Role Assignments
xxxxA#Ldap1, B#Ldap1
x xxA#Ldap1, B#Ldap1
xx xA#Ldap1, B#Ldap2
xxx A#Ldap1, B#Ldap1
 xxxA#Ldap2, B#Ldap1
xx  fail
x x A#Ldap1, B#Ldap1
x  xA#Ldap1, B#Ldap2
 xx A#Ldap2, B#Ldap1
 x xA#Ldap2, B#Ldap2
  xxfail
x   fail
 x  fail
  x fail
   xfail
    fail


SOSAllSuccessfulGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

...

A#Ldap1A#Ldap2B#Ldap1B#Ldap2Resulting Role Assignments
xxxxA#Ldap1, A#Ldap2, B#Ldap1, B#Ldap2
x xxB#Ldap1, B#Ldap2
xx xA#Ldap1, A#Ldap2
xxx A#Ldap1, A#Ldap2
 xxxB#Ldap1, B#Ldap2
xx  A#Ldap1, A#Ldap2
x x fail
x  xfail
 xx fail
 x xfail
  xxB#Ldap1, B#Ldap2
x   fail
 x  fail
  x fail
   xfail
    fail



SOSAllSuccessfulFirstGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAllSuccessfulFirstGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

...

A#Ldap1A#Ldap2B#Ldap1B#Ldap2Resulting Role Assignments
xxxxA#Ldap1, A#Ldap2
x xxB#Ldap1, B#Ldap2
xx xA#Ldap1, A#Ldap2
xxx A#Ldap1, A#Ldap2
 xxxB#Ldap1, B#Ldap2
xx  A#Ldap1, A#Ldap2
x x fail
x  xfail
 xx fail
 x xfail
  xxB#Ldap1, B#Ldap2
x   fail
 x  fail
  x fail
   xfail
    fail


SOSAtLeastOneSuccessfulGroupStrategy

Code Block
authcStrategy = org.apache.shiro.authc.pam.SOSAtLeastOneSuccessfulGroupStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

...