Configuring User Authentication
This section explains how to select file-based authentication or LDAP-based authentication, and how to configure each authentication option. It also explains how to use a different JAAS login module, if you prefer an implementation other than the provided one. See User Authentication Overview for more background information.
To Use a Different JAAS Login Module
You can substitute a different implementation of the JAAS login module than the one provided. To configure the product to use your implementation, specify the location of your JAAS login configuration file using the following property at the appropriate level in the CDD file:
java.security.auth.login.config
For the TIBCO BusinessEvents Decision Manager BRMS application, the property is located in the cluster properties.
For the TIBCO BusinessEvents Views application, add the property in the dashboard-class agent properties for the TIBCO BusinessEvents Studio project.
For the TIBCO BusinessEvents Monitoring and Management component, the properties are found in the mm-class agent class, in the mm/auth property group.
To Configure the Authentication Type
If you use the provided JAAS login module, choose the authentication type and then configure it.
1.
2. As needed, add the property be.auth.type and set the value to file or ldap as desired. Below are the property locations and values used in different cases:
BEMM (emonitor project): In the mm-class agent class, in the mm/auth property group.
3. If you enter file, then do the following to complete configuration:
a. As needed, add the property be.auth.file.location and set the value to the location of your password file. Below are the property and file locations used in different cases:
RMS (BRMS project): In the Cluster tab properties, in the RMS property group. The shipped file location is BE_HOME/rms/examples/users.pwd.
BEMM (emonitor project): In the mm-class agent class, in the mm/auth property group. The file location is BE_HOME/mm/config/users.pwd.
TIBCO BusinessEvents Views: Add the authentication properties in the dashboard-agent class properties for the BusinessEvents project. To see a configured example project, import the following example project into TIBCO BusinessEvents Studio and open its CDD file: BE_HOME/examples/views/TickeTracker.
b.
4. If you enter ldap, add and configure the LDAP properties shown in Table 44, Authentication Configuration Properties. Prior familiarity with LDAP is required. Details are not provided in this guide.
To Configure the Password File for File Based Authentication
In file-based authentication, you define a list of user names, passwords, and roles in a file called (by default) users.pwd. This file is commonly referred to as the password file.
1.
2.
   Username:password:role,role,role;
The roles are used for authorization (access). However, access control is currently used only in TIBCO BusinessEvents Decision Manager and is documented in TIBCO BusinessEvents Decision Manager User’s Guide. For other applications, omit the roles. In all cases, do not use spaces. For example:
   Mark:A31405D272B94E5D12E9A52A665D3BFE:BUSINESS_USER,APPROVER;
   James:21232f297a57a5a743894a0e4a801fc3:RULE_ADMINISTRATOR;
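A password file can be checked against the entry format above before it is deployed. The following linter is an added example, not part of the product or of this guide. The function names are hypothetical, and it assumes that the password field is always 32 hexadecimal digits (the shape of the two sample entries) and that an entry without roles may be written with or without the second colon.

```python
import re

# Assumption: the password field is 32 hex digits, as in the page's two sample entries.
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

def parse_entry(line):
    """Parse 'Username:password[:role,...];' (roles optional: an assumption)."""
    if " " in line or "\t" in line:
        raise ValueError("entry contains whitespace")
    if not line.endswith(";"):
        raise ValueError("entry must end with ';'")
    fields = line[:-1].split(":")
    if len(fields) not in (2, 3) or not fields[0] or not fields[1]:
        raise ValueError("expected Username:password[:role,...];")
    roles = fields[2].split(",") if len(fields) == 3 and fields[2] else []
    if any(not r for r in roles):
        raise ValueError("empty role name")
    return fields[0], fields[1], roles

def lint_password_file(text):
    """Return (entries, findings). Findings never echo the password field."""
    entries, findings, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            user, pw, roles = parse_entry(raw)
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        if not HEX32.fullmatch(pw):
            findings.append((n, "password field is not 32 hex digits"))
        if user in seen:
            findings.append((n, "duplicate user name"))
        seen.add(user)
        entries.append((user, roles))
    return entries, findings

# First two lines are the page's examples; the rest are constructed test entries.
SAMPLE = """\
Mark:A31405D272B94E5D12E9A52A665D3BFE:BUSINESS_USER,APPROVER;
James:21232f297a57a5a743894a0e4a801fc3:RULE_ADMINISTRATOR;
Ann:changeme:APPROVER;
Bob:21232f297a57a5a743894a0e4a801fc3: APPROVER;
James:A31405D272B94E5D12E9A52A665D3BFE:APPROVER;
Eve:A31405D272B94E5D12E9A52A665D3BFE:APPROVER
"""
if __name__ == "__main__":
    print(*lint_password_file(SAMPLE)[1], sep="\n")
```

Findings are (line number, message) pairs; an entry that fails to parse is reported and left out of the returned entries.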