Copyright © TIBCO Software Inc. All Rights Reserved



Overview of the JAAS Authentication Modules
The JAAS Authentication modules are LoginModules that use the JVM in the EMS server to authenticate connections to the EMS server. Please refer to Extensible Authentication for further information on the use of JAAS in TIBCO Enterprise Message Service.
Prebuilt JAAS Modules
TIBCO Enterprise Message Service provides a number of JAAS modules that can be used with the EMS server. These default modules are very flexible, and offer a variety of configuration options to suit most needs.
An EMS server file, tibemsd-jaas.conf, that is preconfigured to use the prebuilt JAAS modules, is located with the other sample configuration files in the config-file-directory\cfmgmt\ems\data directory, where the config-file-directory corresponds to the Configuration Directory specified during installation.
The module classes are found in EMS_HOME/bin/tibemsd_jaas.jar, and example module configuration files can be found in the EMS_HOME/samples/config/jaas directory.
The default modules are:
LDAP Simple Authentication — a simple user authentication scheme using LDAP. This module requires the fewest parameters and is easiest to configure.
LDAP Authentication — a full featured user authentication scheme using LDAP. This module provides greater functionality and better performance than the LDAP Simple Authentication module.
LDAP Group User Authentication — a full featured user authentication scheme using LDAP. An extension of LDAP Authentication, this module also retrieves LDAP group membership information and passes it back into the EMS server, where it may be used for authorization. This module provides the most functionality but generates more requests to the LDAP server.
Host Based Authentication — authentication based on the hostname or IP of a user connection. The module is most often used in conjunction with other modules, or in situations where only specific network nodes may authenticate to the EMS server.
Custom JAAS Modules
The default JAAS modules included with your TIBCO Enterprise Message Service installation will accommodate most environments. However, sometimes specialized support for authentication is required. To support this, well-documented source-code is provided for all of the EMS JAAS modules in the directory:
EMS_HOME/src/java/jaas
The readme.txt file in that directory contains instructions on compiling the source files.
Multiple JAAS Modules
The prebuilt JAAS modules support stacking, which provides great flexibility. Using multiple modules, you can direct the EMS server to check authentication using any arrangement of the modules. A common example would stack the LDAP Authentication module with the Host Based Authentication module to authenticate a user by credentials and IP address. Another example would include stacking multiple LDAP Authentication modules to search different branches of an LDAP tree.
There are no restrictions on which or how many modules can be stacked.
For examples of stacking, see Using Multiple JAAS Modules.
