LDAP Authentication


Using LDAP Authentication with JaxView

When installed as a proxy or a gateway, JaxView can authenticate the requests coming into the service against an LDAP or Active Directory server. The user can set up the LDAP authentication policies from the Edit menu of the Web service. They can then assign those policies to other services by selecting the "Assign Policies to Services" menu item.

Options for LDAP Authentication

JaxView can perform LDAP authentication in 3 different ways.

NOTE: To authenticate using LDAP, the user needs to check the "Enable LDAP Authentication" check box.

Option A

Direct bind using the user ID. The user ID must have permission to search the LDAP datastore.

In this case the user needs to fill out the Security Provider, for example ldap://host:port, and the Security Principal, for example

uid=[USER_ID],ou=managed methods, o=group,dc=com.

JaxView will replace [USER_ID] with the user ID in the request and try to bind to the LDAP server using the password in the request. If the bind is successful, the request is authenticated.

Note: To see how to set up JaxView to look for the username or password in the request, please look at Security Policies.

Option B

For this option the user supplies JaxView with a default security principal (without [USER_ID]) and a default password. The user also provides a root DN to search under and a search filter according to RFC 2554. The search filter can include [USER_ID], which is replaced with the user name in the request. JaxView uses the security principal and the default password to bind to the LDAP server. It then runs the search query with the search filter to get the DN of the user, and uses that DN and the password in the request to rebind to the LDAP server. If any portion of this fails, JaxView will not authenticate the user and an error is sent in the response.

For example:

Security Principal: uid=admin,ou=managed methods, o=group,dc=com

Default Password: pass

Root DN: o=group

Search Filter: (givenName=[USER_ID])

Option C

This option is similar to Option B except JaxView will search for Roles. That means the search filter needs to include the roles that the service belongs to. The user also needs to check the "Check In Roles" check box.

In this case JaxView will query the LDAP server with the search filter. If any result is returned, the request is authenticated. JaxView assumes that there is no password in the request.

For example:

Security Principal: uid=admin,ou=managed methods, o=group,dc=com

Default Password: pass

Root DN: o=group

Search Filter: (givenName=[USER_ID])(!(role=admin)(role=test))
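
All three options substitute [USER_ID] from the request into a DN (Option A) or a search filter (Options B and C), and the page does not say how JaxView treats special characters in that value. The following is an added example in Python, not JaxView code, of the escaping and checks a bind or search-then-bind implementation would apply; the function names are hypothetical and the sample user IDs are constructed.

```python
# Added example, not JaxView code. Templates are the page's own examples.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
DN_SPECIALS = '\\,+"<>;='


def escape_filter_value(value):
    """Escape a value placed inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape an attribute value placed inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(template, user_id):
    """Option A: the user ID becomes part of the bind DN."""
    return template.replace("[USER_ID]", escape_dn_value(user_id))


def build_search_filter(template, user_id):
    """Options B and C: the user ID becomes part of the search filter."""
    return template.replace("[USER_ID]", escape_filter_value(user_id))


def check_credentials(user_id, password):
    """A simple bind with an empty password is an unauthenticated bind
    (RFC 4513) that some servers accept, so refuse it before binding."""
    if not user_id or not password:
        raise ValueError("user ID and password must both be non-empty")


def pick_user_dn(search_results):
    """Option B: rebind only when the search matched exactly one entry."""
    if len(search_results) != 1:
        raise LookupError("expected 1 matching entry, got %d" % len(search_results))
    return search_results[0]
```
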