EDLdap Java Library - Extended Ed-Auth Support

The Middleware EDLdap Library's Ed-Auth support can be used to configure container authentication in a variety of environments. The roles (authorities) the login service exposes for a user are the union of the user's VT affiliations and the user's group memberships, each group contributing the value of its uugid attribute as a role name.

Jetty Login Service

The following is a Jetty (version 9+) configuration example:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <!-- =========================================================== -->
    <!-- EdAuth Authentication Login Service                         -->
    <!-- =========================================================== -->
    <Call name="addBean">
      <Arg>
        <New class="edu.vt.middleware.ldap.ed.jetty.realm.EdAuthRealm">
          <Set name="name">EdAuth Realm</Set>
        </New>
      </Arg>
    </Call>
</Configure>

Just like the Catalina and Spring setups, the Jetty realm also provides the user's affiliations and group names as roles for authorization.
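A web application deployed in the Jetty server above selects the login service by name: the realm-name in its web.xml must equal the value given to the name property of the EdAuthRealm bean. The following web.xml is an added example, not part of the EDLdap documentation; the URL pattern and the role example-app-admins are hypothetical placeholders (a real deployment would use an actual group uugid or VT affiliation name).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the EDLdap project): web.xml for an application
     running in the Jetty server configured with the EdAuthRealm bean above. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- realm-name must match <Set name="name"> on the EdAuthRealm bean,
       otherwise Jetty will not find the login service for this webapp. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>EdAuth Realm</realm-name>
  </login-config>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administration</web-resource-name>
      <!-- hypothetical protected area -->
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- hypothetical role: in practice a group uugid or a VT affiliation
           supplied by the Ed-Auth login service -->
      <role-name>example-app-admins</role-name>
    </auth-constraint>
    <!-- BASIC auth sends the PID password with every request; require TLS
         so credentials never cross the wire in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- every role referenced in an auth-constraint should be declared -->
  <security-role>
    <role-name>example-app-admins</role-name>
  </security-role>
</web-app>
```

If the realm-name and the bean name differ, the container cannot resolve a login service for the application and authentication fails for every request rather than falling back to another realm, so a mismatch is easy to spot in the Jetty log at startup.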

Tomcat Realm

The following is a Tomcat (version 8+) configuration example:

<Resource auth="Container"
          description="User database that can be updated and saved"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          name="UserDatabase"
          pathname="/path/to/users.xml"
          type="org.apache.catalina.UserDatabase"/>

<Realm className="edu.vt.middleware.ldap.ed.catalina.realm.EdAuthRealm"
       resourceName="UserDatabase"/>

The Ed-Auth <Realm> can be combined with a local user database to grant additional roles to specific users for container-based authentication. For example, the default manager web application can be protected with Ed-Auth by declaring the UserDatabase resource in the <Server> configuration rather than in an application context. The following tomcat-users.xml grants the manager roles to a Virginia Tech person, identified by PID, who authenticates through Ed-Auth. The password attribute of a PID <user> should always be blank (omit it, as in the example): the password is verified by Ed-Auth, not by the local file, so no local credential should ever exist for a PID.

tomcat-users.xml configuration example:

<?xml version='1.0' encoding='utf-8'?>
<!-- users.xml -->
<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-status"/>
  <role rolename="admin"/>
  <!-- PID(s) START -->
  <user username="ememisya" roles="manager-script,admin,manager-gui"/>
  <!-- PID(s) END -->
</tomcat-users>
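The <Server>-level layout described above, as an added example that is not part of the EDLdap documentation: the UserDatabase resource moves into <GlobalNamingResources> and the Realm sits under <Engine>, so the manager application (and every other context on the host) authenticates through Ed-Auth using the tomcat-users.xml roles above. Placing the Realm at <Engine> level and wrapping it in Tomcat's LockOutRealm are this example's choices, not requirements of the library; the pathname assumes the stock conf/tomcat-users.xml location.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the EDLdap project): the relevant parts of
     Tomcat's conf/server.xml with Ed-Auth protecting the manager webapp.
     Elements not shown are left as in the stock server.xml. -->
<Server port="8005" shutdown="SHUTDOWN">

  <!-- Server-level resource visible to every Context, replacing the
       per-application <Resource> shown earlier. -->
  <GlobalNamingResources>
    <Resource auth="Container"
              description="Roles for PIDs that authenticate through Ed-Auth"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              name="UserDatabase"
              pathname="conf/tomcat-users.xml"
              type="org.apache.catalina.UserDatabase"/>
  </GlobalNamingResources>

  <Service name="Catalina">

    <Engine name="Catalina" defaultHost="localhost">
      <!-- LockOutRealm wraps the Ed-Auth realm so repeated failed logins
           against one PID are throttled (stock Tomcat wraps its
           UserDatabaseRealm the same way). failureCount and lockOutTime
           shown are Tomcat's defaults (5 failures, 300 seconds). -->
      <Realm className="org.apache.catalina.realm.LockOutRealm"
             failureCount="5" lockOutTime="300">
        <Realm className="edu.vt.middleware.ldap.ed.catalina.realm.EdAuthRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>
```

The manager application uses BASIC authentication, so the PID password travels with every request; expose it only over a TLS connector. Because the Realm is now global, any other context on the host that declares manager-gui or admin in a security constraint will also honour the roles granted in tomcat-users.xml, so keep that file limited to the PIDs that actually need them.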