Security

This section lists the elements you can use to configure Security.

ProductSecurity

  • com.exalead.mercury.mami.master.v10.ProductSecurity
  • Defines the product security. Specifies how product components are exposed to the rest of the world. Also defines a set of identity provider configurations. Identity providers can be used to define an authentication domain and to provide common authentication tools for different services (for example, the admin UI and the API console).
  • Attributes:
    Name Type Default value Description
    version long
    login string Root login. Can be used to connect to every secured UI. Also used for securing inter process communications when required.
    password string Root password. Encrypted using product RSA encryption key.
    secureInternalConnections boolean Basic authentication using product login - password.
  • Nested elements:
    Name Type Description
    trustedHost exa.bee.StringValue* Hostnames allowed for redirection. "*" means any characters. For example, *.exalead.com would allow all hosts in the exalead.com domain.
    IdentityProviderConfig com.exalead.mercury.mami.master.v10.IdentityProviderConfig*
    MAMISecurity com.exalead.mercury.mami.master.v10.MAMISecurity
    PushAPISecurity com.exalead.mercury.mami.master.v10.PushAPISecurity
    SearchAPISecurity com.exalead.mercury.mami.master.v10.SearchAPISecurity

IdentityProviderConfig

  • com.exalead.mercury.mami.master.v10.IdentityProviderConfig
  • Definition of an identity provider. Used, for example, by the admin UI components to define a common login API.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.ProductSecurity (as ProductSecurity)
  • Attributes:
    Name Type Default value Description
    name string Identity provider name.
    filterFactoryClassId string Optional classId of a specific FilterFactory to use instead of the default one. It is used to create a specific SecurityFilter to change the authentication method.
    securitySource string Associated security source.
    sessionInactivityTimeoutS long 21600 Sessions time out after this period of inactivity. Set to -1 for no timeout.
  • Nested elements:
    Name Type Description
    KeyValue exa.bee.KeyValue*

MAMISecurity

  • com.exalead.mercury.mami.master.v10.MAMISecurity
  • Management APIs security (gateway).
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.ProductSecurity (as ProductSecurity)
  • Attributes:
    Name Type Default value Description
    login string Login. Set to null to disable authentication.
    password string Password. Encrypted using product RSA encryption key.
    useHttps boolean Secures connection with HTTPS.
    serverCertificate string When using HTTPS, name of a certificate inside the security folder of the data directory. When not provided, the default certificate is used.
  • Nested elements:
    Name Type Description
    IPRule com.exalead.mercury.mami.master.v10.IPRule*

IPRule

  • com.exalead.mercury.mami.master.v10.IPRule
  • (Deprecated)
  • IP Rule.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.MAMISecurity (as MAMISecurity)
    • com.exalead.mercury.mami.master.v10.SearchAPISecurity (as SearchAPISecurity)
  • Attributes:
    Name Type Default value Description
    allow boolean Allows the IP address access.
    addr string Address.
    mask string Mask.

PushAPISecurity

  • com.exalead.mercury.mami.master.v10.PushAPISecurity
  • PushAPI security. Warning: contrary to MAMI Security and Search API Security, the login and password are configured at the connector config level.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.ProductSecurity (as ProductSecurity)
  • Attributes:
    Name Type Default value Description
    serverCertificate string When using HTTPS, name of a certificate inside the security folder of the data directory. When not provided, the default certificate is used.
    useHttps boolean Secures connection with HTTPS.

SearchAPISecurity

  • com.exalead.mercury.mami.master.v10.SearchAPISecurity
  • Class used for search API security (search, fetch). Defines whether the connection to the search API should be authenticated and/or secured.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.ProductSecurity (as ProductSecurity)
  • Attributes:
    Name Type Default value Description
    login string Login. Set to null to disable authentication.
    password string Password. Encrypted using product RSA encryption key.
    useHttps boolean Secures connection with HTTPS.
    serverCertificate string When using HTTPS, name of a certificate inside the security folder of the data directory. When not provided, the default certificate is used.
  • Nested elements:
    Name Type Description
    IPRule com.exalead.mercury.mami.master.v10.IPRule*
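
An added example, not part of the product documentation: a Python check that reads a ProductSecurity configuration and reports the settings this page describes as disabling authentication, HTTPS, session timeout or redirection restrictions. The XML layout (attributes as XML attributes, nested elements as children, no namespace) and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Assumption: attributes on this page map to XML
# attributes and nested elements to child elements, without namespaces.
SAMPLE = """
<ProductSecurity version="1" login="admin" secureInternalConnections="false">
  <trustedHost value="*"/>
  <trustedHost value="*.example.com"/>
  <IdentityProviderConfig name="default" securitySource="ldap"
                          sessionInactivityTimeoutS="-1"/>
  <MAMISecurity login="admin" useHttps="true"/>
  <PushAPISecurity useHttps="false"/>
  <SearchAPISecurity useHttps="true"/>
</ProductSecurity>
"""

def is_true(elem, attr):
    # An absent attribute is treated as "not enabled" (assumption: the
    # page gives no default value for these booleans).
    return (elem.get(attr) or "").strip().lower() == "true"

def audit(xml_text):
    """Return a sorted list of (element, finding) for risky settings."""
    root = ET.fromstring(xml_text)
    findings = []
    if not is_true(root, "secureInternalConnections"):
        findings.append(("ProductSecurity", "internal connections not authenticated"))
    for host in root.findall("trustedHost"):
        if (host.get("value") or "").strip() == "*":
            findings.append(("trustedHost", "redirection allowed to any host"))
    for idp in root.findall("IdentityProviderConfig"):
        if idp.get("sessionInactivityTimeoutS", "21600").strip() == "-1":
            findings.append(("IdentityProviderConfig", "sessions never time out"))
    for tag in ("MAMISecurity", "PushAPISecurity", "SearchAPISecurity"):
        for api in root.findall(tag):
            if not is_true(api, "useHttps"):
                findings.append((tag, "HTTPS not enabled"))
            # PushAPI credentials live in the connector config, so skip it here.
            if tag != "PushAPISecurity" and not api.get("login"):
                findings.append((tag, "no login: authentication disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for element, finding in audit(SAMPLE):
        print(f"{element}: {finding}")
```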

SecuritySourceList

  • com.exalead.mercury.mami.master.v10.SecuritySourceList
  • List of security sources
  • Attributes:
    Name Type Default value Description
    version long
    strictConfig boolean Stops deployment if a security source failed to initialize.
  • Nested elements:
    Name Type Description
    SecuritySourceBase com.exalead.mercury.mami.master.v10.SecuritySourceBase*

MetaSecuritySource

  • com.exalead.mercury.mami.master.v10.MetaSecuritySource
  • Meta security source configuration
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.SecuritySourceList (as SecuritySourceList)
  • Attributes:
    Name Type Default value Description
    name string Security source name
    deploy boolean True Will this security source be deployed?
    type enum(First, Merge, No Authentication) First Type of action when an authentication succeeds. Value can be null or one of: First, Merge, No Authentication.
    forcedTokens string An optional comma-separated list of tokens which will be appended to all authenticated users.
  • Nested elements:
    Name Type Description
    AuthenticationSource com.exalead.mercury.mami.master.v10.AuthenticationSource* List of sources on which authentication will be performed
    AuthorizationSource com.exalead.mercury.mami.master.v10.AuthorizationSource* List of sources for which token will be retrieved if an authentication has succeeded.

AuthenticationSource

  • com.exalead.mercury.mami.master.v10.AuthenticationSource
  • No documentation for this element.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.MetaSecuritySource (as MetaSecuritySource)
  • Attributes:
    Name Type Default value Description
    name string The name of the security source.
    rewrittenLogin string Can be used to rewrite the login. '$login' will be replaced by the user's login. For example, OFFICE\$login

AuthorizationSource

  • com.exalead.mercury.mami.master.v10.AuthorizationSource
  • No documentation for this element.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.MetaSecuritySource (as MetaSecuritySource)
  • Attributes:
    Name Type Default value Description
    name string The name of the security source.
    rewrittenLogin string Can be used to rewrite the login. '$login' will be replaced by the user's login. For example, OFFICE\$login
    passwordIsMandatory boolean Forces the password to match

SecuritySource

  • com.exalead.mercury.mami.master.v10.SecuritySource
  • Security source configuration
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.SecuritySourceList (as SecuritySourceList)
  • Attributes:
    Name Type Default value Description
    name string Security source name
    deploy boolean True Will this security source be deployed?
    classId string Security source type
    customClassId string Customized security source type
    singleInstance boolean Will this source be deployed on each security command?
  • Nested elements:
    Name Type Description
    config exa.bee.KeyValue*

RemoteHttpSource

  • com.exalead.mercury.mami.master.v10.RemoteHttpSource
  • Remote Http security source configuration
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.SecuritySourceList (as SecuritySourceList)
  • Attributes:
    Name Type Default value Description
    name string Security source name
    deploy boolean True Will this security source be deployed?
    service string Service path on the remote security source
    isAlivePath string The path to determine if the service is available on hosts. Not used if null.
    maxRetries int Number of retries before skipping a host
  • Nested elements:
    Name Type Description
    RemoteHttpConfig com.exalead.mercury.mami.master.v10.RemoteHttpConfig* Hosts on which authentication will be performed

RemoteHttpConfig

  • com.exalead.mercury.mami.master.v10.RemoteHttpConfig
  • Security source config. The list of URIs used by RemoteHttpSource.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.RemoteHttpSource (as RemoteHttpSource)
  • Attributes:
    Name Type Default value Description
    protocol enum(http, https) http Protocol of the remote security source host
    host string Hostname of the remote security source
    port int 80 Port of the remote security source
    power int 1 Priority of this host

KeyValue

  • exa.bee.KeyValue
  • No documentation for this element.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.IdentityProviderConfig (as IdentityProviderConfig)
    • exa.bee.KeyValue (as KeyValue)
    • com.exalead.mercury.mami.master.v10.SecuritySource (as config)
  • Attributes:
    Name Type Default value Description
    key string The name of the key
    value string
    type string
    description string
  • Nested elements:
    Name Type Description
    KeyValue exa.bee.KeyValue*

StringValue

  • exa.bee.StringValue
  • No documentation for this element.
  • Parent elements:
    • com.exalead.mercury.mami.master.v10.ProductSecurity (as trustedHost)
  • Attributes:
    Name Type Default value Description
    value string