Difference between revisions of "How Registry Interfaces With Active Directory"

From FMR Knowledge Base
(Unsuccesfull Access)
Line 3: Line 3:
  
 
=Unsuccesfull Access=
 
=Unsuccesfull Access=
 +
- Attempt to access:
  
 +
If the user provides incorrect credentials to the Fusion Registry, the following communication takes place:
 +
 +
1) The Registry receives an HTTP (or HTTPS) Servlet Request from the browser. This request carries the username and password as supplied from the login page of the Registry.
 +
2) From this request object, an Authentication token is created within the Registry and sent as an LDAP (or LDAPS) connection to the Active Directory server.  This token only contains the userid and password as supplied in the previous stage
 +
3) Active Directory responds with a ????
 +
4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.
 +
 +
=Succesfull Access=
 +
 +
1) The Registry receives an HTTP Servlet Request from the browser
 +
2) From this request object, an Authentication token is created within the Registry and passed to the Active Directory server.  This token only contains the userid and password as supplied in the previous stage
 +
3) Active Directory responds with a ????
 +
4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.
  
- Attempt to access:
 
  
The Registry recieves an Http Servlet Request (class: HttpServletRequest) from the browser.
 
From this request object, the username and password are passed into an Authentication token (the class is a Spring UsernamePasswordAuthenticationToken )
 
  
 
The Active Directory service is queried to obtain a DirContext object - This is a InitialLdapContext
 
The Active Directory service is queried to obtain a DirContext object - This is a InitialLdapContext
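
Review bot: step 4 of the added "Succesfull Access" section repeats the failure-path wording and still says the authentication request "was unsuccesful with a status code for the reason"; it should describe the response sent after a successful authentication. Step 3 is "????" in both added sections, so the Active Directory reply is undocumented for either path and should be filled in. The success path also drops the "(or HTTPS)" and "(or LDAPS)" wording from steps 1 and 2; because step 2 says the token carries the userid and password, both paths should state the transport consistently.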

Revision as of 06:46, 31 May 2022

Active Directory can be used as the security manager for Fusion Metadata Registry. Configuration of this is explained here.


Unsuccessful Access

- Attempt to access:

If the user provides incorrect credentials to the Fusion Registry, the following communication takes place:

1) The Registry receives an HTTP (or HTTPS) Servlet Request from the browser. This request carries the username and password as supplied from the login page of the Registry.

2) From this request object, an Authentication token is created within the Registry and sent as an LDAP (or LDAPS) connection to the Active Directory server. This token only contains the userid and password as supplied in the previous stage.

3) Active Directory responds with a ????

4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccessful with a status code for the reason.

Successful Access

1) The Registry receives an HTTP Servlet Request from the browser.

2) From this request object, an Authentication token is created within the Registry and passed to the Active Directory server. This token only contains the userid and password as supplied in the previous stage.

3) Active Directory responds with a ????

4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccessful with a status code for the reason.


The Active Directory service is queried to obtain a DirContext object. This is an InitialLdapContext.

Failure: For bad credentials, a Spring BadCredentialsException is thrown, which is converted into a FusionAuthenticationException, which returns a 404 for the response.

HttpServletResponse
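
For the failure path, Active Directory in general rejects a failed LDAP bind with LDAP result code 49 and a hex sub-code after the word "data" in the message text. The following is an added example, not Fusion Registry or Spring code, that classifies that sub-code for the server-side log while keeping the text returned to the browser identical for every failure; the class name, method names and sample messages are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: classifies the message text of a failed Active Directory LDAP bind. */
public class AdBindFailure {
    // AD puts a hex sub-code after "data" in the LDAP error 49 message.
    private static final Pattern SUB_CODE =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");
    private static final Map<String, String> REASONS = new LinkedHashMap<>();
    static {
        REASONS.put("525", "user not found");
        REASONS.put("52e", "invalid credentials");
        REASONS.put("530", "logon not permitted at this time");
        REASONS.put("531", "logon not permitted from this workstation");
        REASONS.put("532", "password expired");
        REASONS.put("533", "account disabled");
        REASONS.put("701", "account expired");
        REASONS.put("773", "user must reset password");
        REASONS.put("775", "account locked out");
    }

    /** Detailed reason for the server-side log; never sent to the browser. */
    static String reasonForLog(String jndiMessage) {
        Matcher m = SUB_CODE.matcher(jndiMessage == null ? "" : jndiMessage);
        if (!m.find()) return "bind failed (no AD sub-code in message)";
        String code = m.group(1).toLowerCase();
        return REASONS.getOrDefault(code, "unrecognised AD sub-code " + code);
    }

    /** Same text for every failure, so the response does not reveal whether the account exists. */
    static String messageForClient(String jndiMessage) {
        return "Authentication failed";
    }

    public static void main(String[] args) {
        // Constructed samples; the DSID and version fields are placeholders.
        String[] samples = {
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 775, v0000]",
            "[LDAP: error code 49 - Invalid Credentials]"
        };
        for (String s : samples) {
            System.out.println("log: " + reasonForLog(s) + " | client: " + messageForClient(s));
        }
    }
}
```

Sub-codes 525 and 52e distinguish an unknown user from a wrong password, which is why the detail stays in the log and out of the HTTP response.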

Success:

The InitialLdapContext object is created. This is used to search for an object.

This object is an org.springframework.ldap.core.DirContextAdapter and contains information about the user, such as the "DN": CN=SOAP_Adam,OU=users,OU=Registry,OU=fusion,DC=metatech,DC=external