Authentication

File
File based authentication is enabled by default. Users and passwords are stored in:
conf/password.properties
User entries have to follow this schema:
user.<userid>=<password>
The password is stored as an MD5 hash.
To create such a hash, run:
echo -n "password" | md5sum
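An added example, not part of the original documentation: shell helpers that build and check a conf/password.properties entry without putting the password on the command line, where it would end up in shell history. It assumes the stored value is the bare hex digest printed by md5sum, without the trailing "-" file marker; the function names and the set of characters accepted in a user id are assumptions of this example.

```shell
#!/bin/sh
# Added example: helpers for conf/password.properties entries.
# Assumption: the stored value is the 32-character lowercase hex digest
# from md5sum, with the trailing "  -" file marker removed.

# md5_hex: read data from stdin and print only the hex digest.
md5_hex() {
    md5sum | cut -d ' ' -f 1
}

# make_entry USERID: read the password from stdin, print
# "user.<userid>=<md5 hex>". The allowed id characters are an assumption;
# the check keeps "=", spaces and newlines out of the property key.
make_entry() {
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*) echo "invalid userid" >&2; return 1 ;;
    esac
    printf 'user.%s=%s\n' "$1" "$(md5_hex)"
}

# check_entry FILE USERID: read a password from stdin and succeed only if
# its digest equals the value stored for USERID in FILE.
check_entry() {
    stored=$(awk -F= -v k="user.$2" '$1 == k { print $2 }' "$1")
    [ -n "$stored" ] && [ "$stored" = "$(md5_hex)" ]
}

# prompt_entry USERID: ask for the password with terminal echo off, so it
# appears neither on screen nor in shell history, then print the entry.
# printf '%s' is used instead of echo -n because it never adds a newline,
# whichever shell runs the script.
prompt_entry() {
    printf 'Password for %s: ' "$1" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    printf '%s' "$pw" | make_entry "$1"; rc=$?
    unset pw
    return $rc
}

# Usage (interactive):
#   prompt_entry alice >> conf/password.properties
```

An unsalted MD5 digest is cheap to guess offline, so keep conf/password.properties readable only by the account that runs the service.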

Kerberos
To enable Kerberos realm authentication, set the following Java system properties:
java.security.krb5.realm=<realm>
java.security.krb5.kdc=<kdc>
Alternative configurations, e.g. to support multiple realms, can be found here
And add the following lines to conf/main.realm:
kerberosRealm=com.agosense.nucleus.security.realm.Kerberos5Realm
kerberosRealm.jaasConfig=conf/login.conf
kerberosRealm.normalizeId=true
Tip: Windows Active Directory usually provides a Kerberos realm; run klist on your Windows machine to see the Kerberos details.

Open ID Connect Authentication
First create a new client in your identity provider and record its endpoint URLs and the client secret.
For Microsoft Azure Active Directory follow these instructions.
Then enable the authentication by adding the following lines to conf/main.realm:
oidcRealm=com.agosense.nucleus.security.oidc.OidcAuthenticationRealm
oidcRealm.tokenEndpoint=http://localhost:8080/openid-connect/token
oidcRealm.authEndpoint=http://localhost:8080/openid-connect/auth
oidcRealm.userInfoEndpoint=http://localhost:8080/openid-connect/userinfo
oidcRealm.logoutEndpoint=http://localhost:8080/openid-connect/logout
oidcRealm.clientId=symphony
oidcRealm.clientSecret=0fc23550-188f-49df-a681-b5535320be4e