Technical Manual
8. Authentication modes
8. Authentication modes 8.1. Introduction Thanks to proper configurations of CMDBuild, the authentication control can be delegated to external services. This possibility concerns the control of the account (username and password). Profiles and permissions will still be managed withing the CMDBuild group to which the user belongs. Via REST commands the configurations of the authentication can be changed, either via editconfig rest command to open a gui showing all the available configurations (if CMDBuild is on the local machine) or via setconfig/setconfigs rest command, in example: cmdbuild.sh restws setconfig org.cmdbuild.auth.case.insensitive true
8.2. Configuration of the authentication type CMDBuild supports the following authentication methods: •
Default authentication
•
SSO CAS authentication
•
SSO SAML authentication
•
Oauth2 authentication
The default authentication can be configured to utilize two different user repository: •
DB stored credentials
•
LDAP system
In addition there are the following additional authentication methods: •
RSA authentication
•
Header authentication
•
Custom login (similar to header auth but with a control script addition)
To configure which type or types of authentication to use, from version 3.4, it is possible to specify different auth modules with the following configuration schema Config
Type
Description
org.cmdbuild.auth.modules
String
List of auth module names
org.cmdbuild.auth.modules.{ModuleName}.type
String
Authentication type for the specified {ModuleName}
org.cmdbuild.auth.modules.{ModuleName}.description String
Auth module description, shown in auth login button
org.cmdbuild.auth.modules.{ModuleName}.enabled
Boolean Specifies if the module is enabled or not
org.cmdbuild.auth.modules.{ModuleName}.hidden
Boolean Specifies if the module is hidden or not, if hidden it’s only used by passing cm_login_module in the request
CMDBuild – Open Source Configuration and Management Database
Page 27