Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
fujitsu:hpcgateway:guides:internals:identity_management [2016/05/19 09:08]
fujitsu [HPC Gateway identities]
fujitsu:hpcgateway:guides:internals:identity_management [2016/05/19 09:10] (current)
fujitsu [HPC Gateway identities]
Line 10: Line 10:
   - Get user identity information,​ like his name, his rights and permissions   - Get user identity information,​ like his name, his rights and permissions
  
-\\+ 
 +===== Authentication ===== 
 The authentication is managed by Jetty. By default, the authentication is based on a method "​ssh-login-module"​. It is configured with 2 files: The authentication is managed by Jetty. By default, the authentication is based on a method "​ssh-login-module"​. It is configured with 2 files:
  
Line 87: Line 89:
  
 The current standard method is “ssh-login-module”. There are other methods like LDAP, PAM, and one can develop customized method following the JAAS protocol. This is not a difficult task. The current standard method is “ssh-login-module”. There are other methods like LDAP, PAM, and one can develop customized method following the JAAS protocol. This is not a difficult task.
-\\ + 
-Once authenticated,​ the user need to get his identity from the database. By default, if he is not yet defined in the database, HPC Gateway reject the user.  There is a configuration parameter in the database, “autopopulate”, to tell HPC Gateway to automatically create the identity and put this identity into a default team. When this parameter is set, a new user, who successfully authenticated,​ can connect with rights defined by the team. Usually, this team should have limited rights, like a Guest or Public team.+ 
 +===== Authorisation ===== 
 + 
 +Once authenticated,​ the user need to get his identity from the database. By default, if he is not yet defined in the database, HPC Gateway reject the user.  There is a configuration parameter in the database, “autoPopulate”, to tell HPC Gateway to automatically create the identity and put this identity into a default team. When this parameter is set, a new user, who successfully authenticated,​ can connect with rights defined by the team. Usually, this team should have limited rights, like a Guest or Public team.
 <​code>​ <​code>​
 configs.webserver configs.webserver