How Registry Interfaces With Active Directory
Active Directory can be used as the security manager for Fusion Metadata Registry. Configuration of this is explained here.
Unsuccessful Access
- Attempt to access:
If the user provides incorrect credentials to the Fusion Registry, the following communication takes place:
1) The Registry receives an HTTP (or HTTPS) Servlet Request from the browser. This request carries the username and password as supplied from the login page of the Registry.
2) From this request object, an Authentication token is created within the Registry and sent over an LDAP (or LDAPS) connection to the Active Directory server. This token only contains the userid and password as supplied in the previous stage.
3) Active Directory responds with a ????
4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccessful, with a status code for the reason.
Successful Access
1) The Registry receives an HTTP Servlet Request from the browser.
2) From this request object, an Authentication token is created within the Registry and passed to the Active Directory server. This token only contains the userid and password as supplied in the previous stage.
3) Active Directory responds with a ????
4) Fusion Registry responds with an HTTP Servlet Response containing the information that the authentication request was unsuccessful, with a status code for the reason.
The Active Directory service is queried to obtain a DirContext object. This is an InitialLdapContext.
Failure: With respect to bad credentials, a Spring BadCredentialsException is thrown, which is converted into a FusionAuthenticationException, which returns a 404 for the response
HttpServletResponse
Success:
The InitialLdapContext object is created. This is used to search for an object.
This object is an org.springframework.ldap.core.DirContextAdapter and contains information about the user, such as the "DN": CN=SOAP_Adam,OU=users,OU=Registry,OU=fusion,DC=metatech,DC=external
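The bind-then-search sequence described above, as an added example in plain JNDI (not Fusion Registry's own code, which goes through Spring). The host name, the UPN suffix, the `sAMAccountName` filter and the class name `AdBindCheck` are assumptions; the search base is taken from the DN shown above.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class AdBindCheck {
    // Assumptions: hypothetical host and UPN suffix; base DN taken from the DN on this page.
    static final String URL = "ldaps://ad.example.test:636";
    static final String BASE = "OU=users,OU=Registry,OU=fusion,DC=metatech,DC=external";
    static final String UPN_SUFFIX = "@metatech.external";

    /** Returns the user's DN after a successful bind, or null on bad credentials. */
    static String authenticate(String userId, String password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513,
        // section 5.1.2) that some servers accept, so reject it before contacting LDAP.
        if (userId == null || userId.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL); // LDAPS keeps the password off the wire in clear text
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userId + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);
        LdapContext ctx;
        try {
            ctx = new InitialLdapContext(env, null); // the bind happens here
        } catch (AuthenticationException e) {
            return null; // Active Directory rejected the credentials
        }
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is substituted with filter escaping applied, so userId cannot alter the filter.
            NamingEnumeration<SearchResult> r =
                ctx.search(BASE, "(sAMAccountName={0})", new Object[] {userId}, sc);
            return r.hasMore() ? r.next().getNameInNamespace() : null;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Read the password from an interactive console so it is not a process argument.
        char[] pw = System.console().readPassword("Password for %s: ", args[0]);
        String dn = authenticate(args[0], new String(pw));
        System.out.println(dn == null ? "authentication failed" : "bound as " + dn);
    }
}
```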