...
- The Identity Service Name can be freely chosen.
- The Identity Service Type can be selected as available from the above matrix.
- The Ordering specifies the sequence in which a login is performed with available Identity Services.
- The Required attribute specifies whether login with the respective Identity Service is required to be successful, for example if a number of Identity Services are triggered on login of a user account.
- The Identity Service Authentication Scheme allows selecting one of:
  - single-factor authentication: user account and password are specified for login with the Identity Service.
  - two-factor authentication: in addition or as an alternative to user account and password a Client Authentication Certificate is required, see JS7 - Certificate based Authentication
Manage User Accounts and Roles
Manage Settings
Settings are available at a global level and per Identity Service.
...
- JS7 - JOC Identity Service
- JS7 - LDAP Identity Service
- JS7 - HashiCorp® Vault Identity Service
- The Shiro Identity Service does not require any settings.
Interaction of Identity Services
A number of Identity Services can be used at the same time:
- Required Identity Services: user login is performed with all required Identity Services.
  - No Optional Identity Services are considered.
  - If more than one Required Identity Service is configured then a user cannot log in if the login fails with any of the Identity Services.
  - Permissions from all Required Identity Services are merged.
- Optional Identity Services: with the first successful login to an Identity Service the user is considered to be logged in.
  - No further Optional Identity Services are consulted if a user login is successful with one of the Optional Identity Services.
  - For example, if two Optional Identity Services JOC and LDAP are configured in this sequence then the login to the JOC Identity Service can fail and still the user might successfully log in with the LDAP Identity Service.
  - Permissions from the successful login to an Optional Identity Service are used.
- Disabled Identity Services are not considered for user login.
Identity Services are ordered to specify the sequence of preferred use for authentication.
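The following sketch models the interaction rules above so that the outcome of a given configuration can be checked before it is relied on. It is an added example, not JS7 code: the class IdentityService, the function login, the in-memory account store, and the account, password and role values are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class IdentityService:
    name: str
    ordering: int
    required: bool = False
    disabled: bool = False
    # Constructed stand-in for a real backend: account -> (password, roles)
    accounts: dict = field(default_factory=dict)

    def authenticate(self, account, password):
        """Return the granted roles on success, None on failure."""
        entry = self.accounts.get(account)
        if entry is None or not hmac.compare_digest(entry[0].encode(), password.encode()):
            return None
        return set(entry[1])

def login(services, account, password):
    """Return (ok, roles, names of the services that authenticated the user)."""
    # Disabled services are dropped; the rest are consulted by Ordering.
    active = sorted((s for s in services if not s.disabled), key=lambda s: s.ordering)
    required = [s for s in active if s.required]
    if required:
        # Every Required service must accept the login; Optional ones are ignored.
        roles = set()
        for svc in required:
            granted = svc.authenticate(account, password)
            if granted is None:
                return False, set(), []
            roles |= granted  # permissions of all Required services are merged
        return True, roles, [s.name for s in required]
    # Only Optional services: the first successful login wins.
    for svc in active:
        granted = svc.authenticate(account, password)
        if granted is not None:
            return True, granted, [svc.name]
    return False, set(), []

# Constructed sample mirroring the JOC/LDAP case: both Optional, JOC ordered first.
joc = IdentityService("JOC", 1, accounts={"alice": ("joc-secret", ["admin"])})
ldap = IdentityService("LDAP", 2, accounts={"alice": ("ldap-secret", ["operator"])})

if __name__ == "__main__":
    print(login([joc, ldap], "alice", "ldap-secret"))
```

With both services Optional, the password known only to LDAP still logs the user in, and only the LDAP roles apply; marking both services as Required would instead reject any login that either service refuses.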
Further Resources
...