Copyright © TIBCO Software Inc. All Rights Reserved



Using Multiple JAAS Modules
You can stack the provided JAAS modules to suit your environment and authentication needs. There are no restrictions on which or how many modules can be stacked.
To stack multiple JAAS modules, include the desired module configurations and JAAS flags in the same configuration file, the one referenced by the JAAS configuration parameter, jaas_config.
The behavior and authentication requirements of the included modules are controlled by the module Flag value assigned to each module in the stack. For more information on using multiple JAAS modules, see the Oracle javax.security.auth.login.Configuration class documentation.
Example: Two Authentication Requirements
In this example, a user is authenticated based on network location. If that succeeds, the user is then authenticated using LDAP credentials. Both must succeed for the user to be authenticated.
This behavior is controlled by the requisite Flag.
EMSUserAuthentication {
  com.tibco.tibems.tibemsd.security.jaas.HostBasedAuthentication requisite
  tibems.hostbased.accepted_addresses="10.98.48.45, ::1"
  tibems.hostbased.accepted_hostnames="'jsmith.*','.tibco.com";
 
  com.tibco.tibems.tibemsd.security.jaas.LDAPSimpleAuthentication requisite
  tibems.ldap.user_pattern="uid=%u,ou=People,dc=tibco.com"
  tibems.ldap.url="ldap://localhost:389" ;
};
Example: One Authentication is Sufficient
In this example, a user is authenticated against multiple LDAP branches. If authentication fails in the first branch, the second is tried. Only one module instance needs to succeed for the user to be authenticated.
This behavior is controlled by the sufficient Flag.
EMSUserAuthentication {
    com.tibco.tibems.tibemsd.security.jaas.LDAPSimpleAuthentication sufficient
    tibems.ldap.user_pattern="uid=%u,ou=People,dc=Local"
    tibems.ldap.url="ldap://localhost:389" ;
 
    com.tibco.tibems.tibemsd.security.jaas.LDAPSimpleAuthentication sufficient
    tibems.ldap.user_pattern="uid=%u,ou=People,dc=Remote"
    tibems.ldap.url="ldap://localhost:389" ;
};
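The following Python sketch is an added illustration, not TIBCO or Oracle code. It models how the module flags combine into one authentication result, following the flag descriptions in the javax.security.auth.login.Configuration class documentation, and goes beyond the two stacks above by adding one hypothetical ordering that shows why module order matters. The labels (host, ldap, ldap-local, ldap-remote) and the pass/fail outcomes are constructed for the sketch.

```python
# Added illustration: a simplified model of how JAAS combines module results,
# based on the flag descriptions in the Configuration class documentation.
MANDATORY = {"required", "requisite"}

def evaluate(stack, outcome):
    """stack: ordered (label, flag) pairs; outcome: label -> True/False.
    Returns (authenticated, labels of the modules that were invoked)."""
    invoked, mandatory_failed, any_success = [], False, False
    for label, flag in stack:
        invoked.append(label)
        if outcome[label]:
            any_success = True
            if flag == "sufficient":
                break          # a sufficient success ends evaluation
        elif flag in MANDATORY:
            mandatory_failed = True
            if flag == "requisite":
                break          # a requisite failure ends evaluation
    # Every required/requisite module that ran must have passed, and at
    # least one module must have succeeded.
    return (any_success and not mandatory_failed), invoked

# Labels are made up; flags and order mirror the two examples on this page.
BOTH_REQUISITE = [("host", "requisite"), ("ldap", "requisite")]
ONE_SUFFICIENT = [("ldap-local", "sufficient"), ("ldap-remote", "sufficient")]
# Hypothetical ordering, not from the page: a sufficient module placed
# ahead of a requisite one.
SUFFICIENT_FIRST = [("ldap", "sufficient"), ("host", "requisite")]

# Constructed outcomes for each stack.
CASES = [
    ("host check fails", BOTH_REQUISITE, {"host": False, "ldap": True}),
    ("host and LDAP pass", BOTH_REQUISITE, {"host": True, "ldap": True}),
    ("first branch fails", ONE_SUFFICIENT,
     {"ldap-local": False, "ldap-remote": True}),
    ("both branches fail", ONE_SUFFICIENT,
     {"ldap-local": False, "ldap-remote": False}),
    ("LDAP passes, host would fail", SUFFICIENT_FIRST,
     {"ldap": True, "host": False}),
]

if __name__ == "__main__":
    for title, stack, outcome in CASES:
        ok, invoked = evaluate(stack, outcome)
        print(f"{title:30} authenticated={ok!s:5} invoked={invoked}")
```

In the last case the host-based module is never invoked, so when reviewing a stacked configuration, check that any sufficient module sits after every requisite or required module it is meant to depend on.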
