Federate Several Security Sources

You can use security source dispatchers to federate several security sources.

Documents are coming from several different connectors. Each connector is associated to a security model with different credentials. The goal is to provide a unified page so that the user only needs to log on once, and see all the documents from all the sources the user can access to.

Define:

  • The security source tokens to retrieve.

  • For each security source:

    • Is the user who they claim to be?

    • What are the access rights linked to the user?

This task shows you how to:

See Also
Remote HTTP Security Source
Local UNIX Security Source
Local Windows Security Source
LDAP Security Source

Security Source Logins

Context:

If the login is not identical on each source, you need to map the login entered by the user with the pattern that exists in all the other security sources. In this case, use the Login rewriting field and the $login variable.

Example:

John Doe is identified by mydomain\jdoe in the first security source and by jdoe@mycompany.com in the second security source.

To map both logins, enter in the Login rewriting field:

  • mydomain\$login for the first security source

  • $login@mycompany.com for the second security source

Authentication checks that the user exists and that their password is correct. It is mandatory for at least one security source.

Authorization retrieves access rights granted to the user (security tokens). Password is optional. If the password check fails, no access right is granted to the user for the security source.

Create a Security Source Dispatcher

  1. In the Administration Console, go to Search > Security Sources and click Add security source.
  2. In Name, enter a name for the security source.
  3. In Type, select Security source dispatcher.
  4. Click Accept.
  5. In the Configuration tab, configure the Authentication behavior:
    • First: retrieves the tokens for the first security source on which the user successfully authenticates.
    • Merge: retrieves the tokens for all security sources on which the user successfully authenticates.
    • No authentication: removes the authentication constraint. This is useful when users connect through SSO.
  6. In the Configuration tab, configure the Additional tokens: for example, if you need to create a group of users, add security tokens.
  7. In the Configuration tab, configure the Security sources:
    1. Name: select the security sources you want to federate.
    2. Login rewriting: if required, set the login schema to use.
    3. Source type: select either the authentication or authorization mode.
    4. Check password: select this check box if you want to check the password when using the authorization security source.
    5. Actions: use the arrows to organize security sources.
  8. Test user authentication to make sure that your security source dispatcher is properly configured.