Standard authentication using standard Spring authentication mechanism. No extra actions needed to use it, it is available by default.
Default authentication using a standard Spring authentication mechanism. No extra actions are needed to use it, it is available by default. You can choose from the following password encoder security algorithms:
To select a pbkdf2 algorithms, you must set hyperon.security.passwordEncoder property in the application.properties file as follows:
What's more, you can choose the complexity of bcrypt algorithm. In order to do that, a hyperon.security.bcrypt.complexity property in the application.properties must be set. Values between 4 and 31 are accepted, 5 is used by default. The bigger the value the safer algorithm is, but the performance impact is also increasing.
authType environment variable must be set to "ad"
To use Active Directory authentication, 3 properties must be specified in application.properties file:
- hyperon.ad.domain Active Directory main root (usually server domain, for example: domain.local).
- hyperon.ad.url Active Directory server url, for example: ldap://192.168.0.156:389/
- hyperon.ad.rootDn (optional) DN root.
Requirements for AD user:
- Login - not empty, min size: 1, max size: 200
- First name - not empty, min size: 1
- Last name - not empty, min size: 1
- E-mail address - if empty Hyperon generates default e-mail consistent with schema: 'firstname.lastname@example.org'
- Roles - min one role consistent with Hyperon role
Hyperon supports role management. Roles defined in Active Directory must be compatible with roles in Hyperon structure.
Hierarchy of roles in Hyperon:
- MPP_ADMIN - Hyperon Administrator
- MPP_USER - Hyperon User
- MPP_USER_READONLY - Readonly Hyperon User
- HYPERON_SUPERPACK_IMPORT - Readonly Hyperon User with grant to import Superpack
It is possible to create own roles in AD but remember to create same roles in Hyperon structure. It's necessary to proper authentication process.
In bin/setenv.sh set flag for Java Virtual Machine:
Authentication in Hyperon Studio can be set by environment variable authType.
In conf/application.properties set properties:
1. Configure Tomcat to use HTTPS.
2. Set authType environment variable to "saml".
3. Fill properties:
- hyperon.saml.idpMetadataFilePath= #Path to identity provider metadata file
- hyperon.saml.responseSkew=60 #Maximum difference between local time and time of the assertion creation in seconds which still allows message to be processed. Basically determines maximum difference between clocks of the identity provider and Hyperon Studio machines.
- hyperon.saml.roles.origin= ##internal or saml
4. Generate metadata from Hyperon Studio .
5. Import generated metadata into Identity Provider.
6. Configure Identity Provider to send attributes with assertion response.
- NAME_ID (this is used as user login)
- roles (if hyperon.saml.roles.origin=saml is specified roles are taken from assertion response therefore identity provider must be configured to send it with response)
If you choose to set hyperon.saml.roles.origin to "internal" Hyperon will be taking roles from database instead of saml assertion response in order to authorize user. In that case role for first admin user need to be specified through sql insert.