Using the Built in Flat-File Authentication Service
The FTL flat-file authentication service provides authentication functionality for the FTL server, reading username and password data from a flat file. It runs inside the FTL server. Set auth.providers to file:<file-path> in order to use the built-in flat-file authentication service. For details see, FTL Server Configuration Parameters
- Procedure
- Configure the flat file with username and password data.
Passwords must be clear text, not obfuscated nor checksummed, but they can be hashed.
Note: Syntax Summary for flat file- Each line defines one user.
- Each line must specify a username and password, and may also specify optional authorization roles or groups.
- Delimit the username with a required colon.
- You may add optional space characters after the colon. The password begins with the first non-whitespace character after the colon.
- Delimit the password with a comma-space pair. If a line contains more than one comma-space pair, the rightmost pair delimits the password. Earlier pairs become part of the password, as do individual comma and space characters.
- Hashed passwords are allowed.
- Separate authorization roles or groups with a comma only (spaces are not valid).
For example:
admin: my_admin_pw, ftl,ftl-admin ftl_svr: my_ftl_svr_pw, ftl-internal,ftl-admin,ftl,auth app_user_1:my_pw, ftl app_user_2: her_pw, ftl app_user_3: my pw, more pw,, and still more pw , role-1,ftl
In the last example, the boldface type illustrates a complicated password containing spaces, commas, and even comma-space pairs. - Supply the location of the flat file though the configuration parameter
auth.providers
For example:
auth.providers: file:/opt/tibco/ftl/samples/yaml/basic-auth/users.txt
See also: samples/yaml/basic-auth/tibftlserver_basic_auth.yaml in the FTL installation.