The Data View Username Password HTTP User Authenticator provides authentication for users identified by a username and password by using a regular expression to translate the provided username into a search filter to locate the appropriate user resource in a Data View.
This may be used, for example, if the provided identifier is expected to be an e-mail address or Kerberos principal, but only the username portion (the part before the '@' symbol) should be used in the mapping process. For example, the username 'js12345@unboundid.com' should map to a user where the uid is js12345 and the domain is unboundid.com. The match-pattern would be ^(.*)@(.*)$ and the match-filter would be "userName eq $1 and organization eq $2". The '(.*)' before and after the '@' symbol matches the portions before and after the symbol and stores them in the $1 and $2 variables respectively. These variables are then used in the replacement search filter.
Note that a replacement will be made only if all or part of the provided username matches the given match pattern. This mapper may be configured to look in one or more search bases. In order for the mapping to be established properly, exactly one entry must be returned from the search with the translated search filter.
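The translation described above can be tried outside the server. The following is an added example, not code from the product: it assumes the substitution behaves like `Matcher.replaceAll` in java.util.regex (whose replacement strings use the same `$N` references) and does not model how the server quotes or escapes substituted values. `STRICT_PATTERN` and the sample usernames are constructed for illustration; the match-pattern and match-filter are the ones from the e-mail example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MatchFilterDemo {
    // Values taken from the page's e-mail example.
    static final String MATCH_PATTERN = "^(.*)@(.*)$";
    static final String MATCH_FILTER = "userName eq $1 and organization eq $2";
    // Assumption (not from the page): a tighter pattern that accepts exactly
    // one '@' with non-empty text on both sides.
    static final String STRICT_PATTERN = "^([^@]+)@([^@]+)$";

    /**
     * Models the documented translation with Matcher.replaceAll.
     * Returns null when no part of the username matches the pattern;
     * what the server does in that case is not modelled here.
     */
    static String toFilter(String matchPattern, String matchFilter, String username) {
        Matcher m = Pattern.compile(matchPattern).matcher(username);
        if (!m.find()) {
            return null;
        }
        // replaceAll resets the matcher, then substitutes $1, $2, ... with
        // the text captured by the corresponding groups.
        return m.replaceAll(matchFilter);
    }

    public static void main(String[] args) {
        // Constructed sample usernames: a normal address, no '@',
        // two '@' symbols, and an empty local part.
        String[] samples = {
            "js12345@unboundid.com", "js12345", "a@b@unboundid.com", "@unboundid.com"
        };
        for (String pattern : new String[] { MATCH_PATTERN, STRICT_PATTERN }) {
            System.out.println("match-pattern: " + pattern);
            for (String u : samples) {
                // With the greedy (.*) groups, "a@b@unboundid.com" splits at the
                // last '@' and "@unboundid.com" yields an empty $1; the strict
                // pattern rejects both before any search filter is built.
                System.out.printf("  %-24s -> %s%n", u, toFilter(pattern, MATCH_FILTER, u));
            }
        }
    }
}
```

Running candidate patterns against the usernames you expect to accept and reject before setting match-pattern shows exactly which filter each one would produce.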
The Data View Username Password HTTP User Authenticator component inherits from the HTTP User Authenticator.
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
fail-on-user-not-found | |
data-view | |
match-filter | |
match-pattern | |
description
Description | A description for this HTTP User Authenticator |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
enabled
Description | Indicates whether this HTTP User Authenticator is enabled for use. |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
fail-on-user-not-found
Description | Specifies whether to fail the authentication immediately or to use the next configured authenticator when a user resource is not found in the data view. |
Default Value | false |
Allowed Values | true, false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
data-view
Description | Specifies the names of the data views that should be searched to locate a matching user when performing the authentication. The asterisk '*' character may be specified to locate a matching user using any of the configured data views that have not been previously searched. The remaining data views will be searched in unspecified order until the first data view successfully authenticates the request. |
Default Value | BrokerAdmin * |
Allowed Values | A string |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
match-filter
Description | Specifies the SCIM search filter that should be used when performing searches to map the provided username to a user resource. The filter pattern may include a string from a capturing group matched by the match pattern by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. Capture group 0 refers to the entire username that matched. For example, the match-filter "userName eq $1 and organization eq $2" with a match-pattern of ^(.*)@(.*)$ will substitute $1 and $2 with the portions before and after the '@' symbol in the username respectively. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
match-pattern
Description | Specifies the regular expression pattern that is used to identify portions of the username that will be replaced. Any portion of the username that matches this pattern is replaced in accordance with the provided match-filter replace pattern. If multiple substrings within the given username match this pattern, all occurrences are replaced. If no part of the given username matches this pattern, the match-filter is not altered. It must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. For example, a match-pattern of ^(.*)@(.*)$ will match an e-mail address username. The match-filter "userName eq $1 and organization eq $2" may then be used to substitute $1 and $2 with the portions before and after the '@' symbol in the username respectively. |
Default Value | ^.*$ |
Allowed Values | Any valid regular expression pattern which is supported by the java.util.regex.Pattern class (see http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured HTTP User Authenticators:
dsconfig list-http-user-authenticators [--property {propertyName}] ...
To view the configuration for an existing HTTP User Authenticator:
dsconfig get-http-user-authenticator-prop --authenticator-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing HTTP User Authenticator:
dsconfig set-http-user-authenticator-prop --authenticator-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Data View Username Password HTTP User Authenticator:
dsconfig create-http-user-authenticator --authenticator-name {name} --type data-view-username-password --set enabled:{propertyValue} --set match-filter:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing HTTP User Authenticator:
dsconfig delete-http-user-authenticator --authenticator-name {name}