Administrator

Populate JAAS Subject From Client Configuration Properties

The Populate JAAS Subject From Client provider enables administrators to add client values as named credentials, name principals, and role principals to the authenticated subject.

Description

This provider adds the configured values from the shared-context client HTTP map as the specified NamedCredentials to the authenticated subject. Adding client values as named credentials allows them to be used for single sign-on.

When a user is authenticated with a token from the client session, the corresponding authentication provider may be unable to retrieve the user name from the token and add it as a principal for use in impersonation checking. In that case, the administrator can configure this provider to add the appropriate header value from the client session as a principal to the authenticated subject.

This provider does not authenticate a subject but can add NamedCredentials, NamedPrincipals, and RolePrincipals if a user is successfully authenticated by other providers.

Properties

Table 56: Populate JAAS Subject From Client Properties

Configuration Option: Description
Default Value: None
Description: Differentiate between multiple instances of the same provider type; for example, when you have multiple authentication providers of the same type stacked in a security profile, and each targets a different repository.

Configuration Option: Client HTTP Values As Named Credentials
Default Value: None
Description: Comma-separated list of mappings that specify the names of attributes (headers and cookies) from the client HTTP communication channel that should be added as credentials after successful authentication and the corresponding names to be associated with the credentials. For example:
    httpHeaderName:credentialName1
    httpCookieName:credentialName2

Configuration Option: Client HTTP Values As Name Principals
Default Value: None
Description: Comma-separated list of attributes (headers and cookies) from the client HTTP communication channel that should be added as name principals after successful authentication. For example:
    clientPropertyName2, clientPropertyName10

Configuration Option: Client HTTP Values As Role Principals
Default Value: None
Description: Comma-separated list of attributes (headers and cookies) from the client HTTP communication channel that should be added as role principals after successful authentication. For example:
    clientPropertyName2, clientPropertyName10

To validate your settings, click Test Settings. A message reports either success or failure; if validation fails, invalid settings are highlighted.
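
The behavior described above, sketched as a generic JAAS LoginModule that never authenticates and populates the subject only in the commit phase. This is an added illustration, not the product's provider code; the option keys (namedCredentials, namePrincipals, rolePrincipals), the shared-state key client.http.map, and the principal and credential types are assumptions.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added sketch (Java 17+), not the product's provider. Assumed names: the option
// keys, the shared-state key "client.http.map", and the three record types.
public class PopulateSubjectSketch implements LoginModule {
    record NamePrincipal(String name) implements Principal { public String getName() { return name; } }
    record RolePrincipal(String name) implements Principal { public String getName() { return name; } }
    record NamedCredential(String name, String value) {}
    private Subject subject;
    private Map<String, ?> shared, options;
    private final Set<Object> added = new HashSet<>();  // lets logout() undo commit()
    @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> opt) {
        subject = s; shared = sh; options = opt;
    }
    // Never authenticates: false tells LoginContext to ignore this module's vote.
    @Override public boolean login() { return false; }
    // LoginContext calls commit() only after the stack as a whole has authenticated the user.
    @Override public boolean commit() throws LoginException {
        if (!(shared.get("client.http.map") instanceof Map<?, ?> http)) return false;
        for (String m : list("namedCredentials")) {          // httpName:credentialName
            String[] kv = m.split(":", 2);
            if (kv.length != 2 || kv[0].isBlank() || kv[1].isBlank())
                throw new LoginException("Malformed mapping: " + m);
            if (http.get(kv[0].trim()) instanceof String v)
                keep(subject.getPrivateCredentials(), new NamedCredential(kv[1].trim(), v));
        }
        for (String n : list("namePrincipals"))
            if (http.get(n) instanceof String v) keep(subject.getPrincipals(), new NamePrincipal(v));
        for (String n : list("rolePrincipals"))
            if (http.get(n) instanceof String v) keep(subject.getPrincipals(), new RolePrincipal(v));
        return !added.isEmpty();
    }
    @Override public boolean abort() { return false; }
    @Override public boolean logout() {
        subject.getPrincipals().removeAll(added);
        subject.getPrivateCredentials().removeAll(added);
        added.clear(); return true;
    }

    private <T> void keep(Set<? super T> target, T item) { target.add(item); added.add(item); }
    private List<String> list(String key) {
        if (!(options.get(key) instanceof String s) || s.isBlank()) return List.of();
        return Arrays.stream(s.split(",")).map(String::trim).filter(t -> !t.isEmpty()).toList();
    }
}
```

Because commit() copies each header or cookie value verbatim, a resulting name or role principal is only as trustworthy as the component that sets that value on the client HTTP channel.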