How Registry Interfaces With Active Directory
Active Directory can be used as the security manager for Fusion Metadata Registry. Configuration of this is explained here.
Invalid Credentials
The following details the communication for when a user supplies incorrect credentials to the Fusion Registry
If the user provides incorrect credentials to the Fusion Registry, the following communication takes place:
1) The Registry receives an HTTP (or HTTPS) Servlet Request from the browser. This request carries the username and password as supplied from the login page of the Registry.
2) From this request object, an Authentication token is created within the Registry and sent as an LDAP (or LDAPS) connection to the Active Directory server. This token only contains the userid and password as supplied in the previous stage.
The Naming Manager apect of Active Directory attempts to resolve the supplied credentials.
3) Since the credentials were not authorised by the Naming Manager, Active Directory responds with an LDAP (or LDAPS) response which is
4) Fusion Registry responds to the browser with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.
Succesfull Access
1) The Registry receives an HTTP Servlet Request from the browser 2) From this request object, an Authentication token is created within the Registry and passed to the Active Directory server. This token only contains the userid and password as supplied in the previous stage 3) Active Directory responds with a ???? 4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccesful with a status code for the reason.
The Active Directory service is queried to obtain a DirContext object - This is a InitialLdapContext
Failure: With respect to bad credentials a Spring BadCredentialsException is thrown which is converted into a FusionAuthenticationException which returns a 404 for the response
HttpServletResponse
Success:
The InitialLdapContext object is created. This is used to search for an object
This object is a org.springframework.ldap.core.DirContextAdapter And contains information about the user, such as the "DN" : CN=SOAP_Adam,OU=users,OU=Registry,OU=fusion,DC=metatech,DC=external