Configuring Authentication Managers - dogtagpki/pki GitHub Wiki
The following authentication managers are defined in CA’s CS.cfg by default:
```
auths.instance.TokenAuth.pluginName=TokenAuth
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.CMCAuth.pluginName=CMCAuth
auths.instance.CMCUserSignedAuth.pluginName=CMCUserSignedAuth
auths.instance.raCertAuth.agentGroup=Registration Manager Agents
auths.instance.raCertAuth.pluginName=AgentCertAuth
auths.instance.flatFileAuth.pluginName=FlatFileAuth
auths.instance.flatFileAuth.fileName=[pki_instance_path]/conf/ca/flatfile.txt
auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
auths.instance.SessionAuthentication.pluginName=SessionAuthentication
```
The following authentication managers are defined in KRA’s CS.cfg by default:
```
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.TokenAuth.pluginName=TokenAuth
```
The following authentication managers are defined in OCSP’s CS.cfg by default:
```
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.TokenAuth.pluginName=TokenAuth
```
The following authentication managers are defined in TKS’s CS.cfg by default:
```
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.TokenAuth.pluginName=TokenAuth
```
The following authentication managers are defined in TPS’s CS.cfg by default:
```
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.TokenAuth.pluginName=TokenAuth
auths.instance.ldap1.authCredName=uid
auths.instance.ldap1.ui.retries=3
auths.instance.ldap1.ui.title.en=LDAP Authentication
auths.instance.ldap1.ui.description.en=This authenticates user against the LDAP directory.
auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID
auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID
auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password
auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password
auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
auths.instance.ldap1.dnpattern=
auths.instance.ldap1.ldapByteAttributes=
auths.instance.ldap1.ldapStringAttributes._000=#################################
auths.instance.ldap1.ldapStringAttributes._001=# For isExternalReg
auths.instance.ldap1.ldapStringAttributes._002=# attributes will be available as
auths.instance.ldap1.ldapStringAttributes._003=# $<attribute>$
auths.instance.ldap1.ldapStringAttributes._004=# attributes example:
auths.instance.ldap1.ldapStringAttributes._005=#mail,cn,uid,enrollmenttype,certsToAdd,tokenCUID,registrationtype,tokenType,firstname,lastname,exec-edipi,exec-mail
auths.instance.ldap1.ldapStringAttributes._006=#################################
auths.instance.ldap1.ldapStringAttributes=mail,cn,uid,enrollmenttype,certsToAdd,tokenCUID,registrationtype,tokenType,firstname,lastname,exec-edipi,exec-mail
auths.instance.ldap1.ldap.basedn=[LDAP_ROOT]
auths.instance.ldap1.externalReg.attributes=certsToAdd,tokenCUID,enrollmenttype,registrationtype,tokenType
auths.instance.ldap1.externalReg.certs.recoverAttributeName=certsToAdd
auths.instance.ldap1.externalReg.cuidAttributeName=tokenCUID
auths.instance.ldap1.externalReg.registrationTypeAttributeName=registrationtype
auths.instance.ldap1.externalReg.tokenTypeAttributeName=tokenType
auths.instance.ldap1.ldap.maxConns=15
auths.instance.ldap1.ldap.minConns=3
auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
auths.instance.ldap1.ldap.ldapauth.bindDN=
auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1
auths.instance.ldap1.ldap.ldapauth.clientCertNickname=subsystemCert cert-[pki_instance_name]
auths.instance.ldap1.ldap.ldapconn.host=localhost
auths.instance.ldap1.ldap.ldapconn.port=389
auths.instance.ldap1.ldap.ldapconn.secureConn=false
auths.instance.ldap1.ldap.ldapconn.version=3
auths.instance.ldap1.pluginName=UidPwdDirAuth
auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
```
Example configuration for an AgentCertAuth instance:

```
auths.instance.<instance name>.pluginName=AgentCertAuth
auths.instance.<instance name>.agentGroup=Certificate Manager Agents
```
See also CertUserDBAuthentication.java.
Example configuration for a SharedToken instance:

```
auths.instance.<instance name>.pluginName=SharedToken
auths.instance.<instance name>.ldap.basedn=ou=people,dc=example,dc=com
auths.instance.<instance name>.ldap.ldapauth.authtype=BasicAuth
auths.instance.<instance name>.ldap.ldapauth.bindDN="cn=Directory Manager"
auths.instance.<instance name>.ldap.ldapauth.bindPWPrompt="Rule SharedToken"
auths.instance.<instance name>.ldap.ldapconn.host=ds.example.com
auths.instance.<instance name>.ldap.ldapconn.port=3389
auths.instance.<instance name>.ldap.ldapconn.secureConn=false
auths.instance.<instance name>.shrTokAttr=shrTok
```
Example configuration for a UidPwdDirAuth instance:

```
auths.instance.<instance name>.pluginName=UidPwdDirAuth
auths.instance.<instance name>.ldap.basedn=dc=example,dc=com
auths.instance.<instance name>.ldap.ldapauth.authtype=BasicAuth
auths.instance.<instance name>.ldap.ldapauth.bindDN=cn=Directory Manager
auths.instance.<instance name>.ldap.ldapauth.bindPWPrompt=internaldb
auths.instance.<instance name>.ldap.ldapconn.host=pki.example.com
auths.instance.<instance name>.ldap.ldapconn.port=389
auths.instance.<instance name>.ldap.ldapconn.secureConn=false
```
Example configuration for a UidPwdDirAuth instance with the TPS UI and external registration (externalReg) attributes:

```
auths.instance.<instance name>.pluginName=UidPwdDirAuth
auths.instance.<instance name>.ldap.maxConns=15
auths.instance.<instance name>.ldap.minConns=3
auths.instance.<instance name>.ldap.ldapauth.authtype=BasicAuth
auths.instance.<instance name>.ldap.ldapauth.bindDN=
auths.instance.<instance name>.ldap.ldapauth.bindPWPrompt=ldap1
auths.instance.<instance name>.ldap.ldapauth.clientCertNickname=subsystemCert cert-[pki_instance_name]
auths.instance.<instance name>.ldap.ldapconn.host=localhost
auths.instance.<instance name>.ldap.ldapconn.port=389
auths.instance.<instance name>.ldap.ldapconn.secureConn=false
auths.instance.<instance name>.ldap.ldapconn.version=3
auths.instance.<instance name>.authCredName=uid
auths.instance.<instance name>.ui.retries=3
auths.instance.<instance name>.ui.title.en=LDAP Authentication
auths.instance.<instance name>.ui.description.en=This authenticates user against the LDAP directory.
auths.instance.<instance name>.ui.id.UID.description.en=LDAP User ID
auths.instance.<instance name>.ui.id.UID.name.en=LDAP User ID
auths.instance.<instance name>.ui.id.UID.credMap.authCred=uid
auths.instance.<instance name>.ui.id.UID.credMap.msgCred.extlogin=UID
auths.instance.<instance name>.ui.id.UID.credMap.msgCred.login=screen_name
auths.instance.<instance name>.ui.id.PASSWORD.description.en=LDAP Password
auths.instance.<instance name>.ui.id.PASSWORD.name.en=LDAP Password
auths.instance.<instance name>.ui.id.PASSWORD.credMap.authCred=pwd
auths.instance.<instance name>.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
auths.instance.<instance name>.ui.id.PASSWORD.credMap.msgCred.login=password
auths.instance.<instance name>.dnpattern=
auths.instance.<instance name>.ldapByteAttributes=
auths.instance.<instance name>.ldapStringAttributes._000=#################################
auths.instance.<instance name>.ldapStringAttributes._001=# For isExternalReg
auths.instance.<instance name>.ldapStringAttributes._002=# attributes will be available as
auths.instance.<instance name>.ldapStringAttributes._003=# $<attribute>$
auths.instance.<instance name>.ldapStringAttributes._004=# attributes example:
auths.instance.<instance name>.ldapStringAttributes._005=#mail,cn,uid,enrollmenttype,certsToAdd,tokenCUID,registrationtype,tokenType,firstname,lastname,exec-edipi,exec-mail
auths.instance.<instance name>.ldapStringAttributes._006=#################################
auths.instance.<instance name>.ldapStringAttributes=mail,cn,uid,enrollmenttype,certsToAdd,tokenCUID,registrationtype,tokenType,firstname,lastname,exec-edipi,exec-mail
auths.instance.<instance name>.ldap.basedn=[LDAP_ROOT]
auths.instance.<instance name>.externalReg.attributes=certsToAdd,tokenCUID,enrollmenttype,registrationtype,tokenType
auths.instance.<instance name>.externalReg.certs.recoverAttributeName=certsToAdd
auths.instance.<instance name>.externalReg.cuidAttributeName=tokenCUID
auths.instance.<instance name>.externalReg.registrationTypeAttributeName=registrationtype
auths.instance.<instance name>.externalReg.tokenTypeAttributeName=tokenType
```
Example configuration for a TokenAuth instance:

```
auths.instance.<instance name>.pluginName=TokenAuth
```
Example configuration for a FlatFileAuth instance:

```
auths.instance.<instance name>.pluginName=FlatFileAuth
auths.instance.<instance name>.authAttributes=PWD
auths.instance.<instance name>.deferOnFailure=true
auths.instance.<instance name>.fileName=/var/lib/pki/pki-tomcat/conf/ca/flatfile.txt
auths.instance.<instance name>.keyAttributes=UID
```
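As an added example (not code from the dogtagpki/pki project), the following Python script parses `auths.instance.*` entries like the ones above, groups them by instance name, and reports the LDAP-backed managers (UidPwdDirAuth, SharedToken) whose BasicAuth bind would go over a connection with `ldapconn.secureConn` not set to `true`. The CS.cfg fragment inside it is constructed for this example, and the instance names `ldap1` and `shrTok` are assumptions.

```python
"""Audit the auths.instance.* entries of a Dogtag CS.cfg fragment.
Added example, not code from the dogtagpki/pki project. It groups the
properties by authentication manager instance and reports LDAP-backed
managers that bind with BasicAuth while ldapconn.secureConn is not true."""
from collections import defaultdict

# Constructed sample fragment; instance names are assumptions, not defaults.
SAMPLE_CFG = """\
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.ldap1.pluginName=UidPwdDirAuth
auths.instance.ldap1.ldap.basedn=dc=example,dc=com
auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
auths.instance.ldap1.ldap.ldapauth.bindDN=cn=Directory Manager
auths.instance.ldap1.ldap.ldapconn.secureConn=false
auths.instance.shrTok.pluginName=SharedToken
auths.instance.shrTok.ldap.ldapauth.authtype=BasicAuth
auths.instance.shrTok.ldap.ldapconn.secureConn=true
auths.instance.flatFileAuth.pluginName=FlatFileAuth
"""

def parse_auth_instances(text):
    """Return {instance: {property: value}} for every auths.instance.* line.
    Only the first '=' separates key from value, because DNs contain '='."""
    instances = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        parts = key.split(".", 3)  # auths, instance, <name>, <property>
        if len(parts) != 4 or parts[:2] != ["auths", "instance"]:
            continue
        instances[parts[2]][parts[3]] = value.strip()
    return dict(instances)

def find_cleartext_ldap_binds(instances):
    """Names of UidPwdDirAuth/SharedToken instances that send a password
    bind (BasicAuth) over a connection whose secureConn is not 'true'.
    A missing secureConn is treated as false (conservative assumption)."""
    findings = []
    for name, props in sorted(instances.items()):
        if props.get("pluginName") not in ("UidPwdDirAuth", "SharedToken"):
            continue
        basic = props.get("ldap.ldapauth.authtype") == "BasicAuth"
        secure = props.get("ldap.ldapconn.secureConn", "false").lower() == "true"
        if basic and not secure:
            findings.append(name)
    return findings
```

Run `find_cleartext_ldap_binds(parse_auth_instances(open("CS.cfg").read()))` against a real instance to list the managers that need `secureConn=true` (and a TLS-enabled `ldapconn.port`) before the bind password and user passwords leave the host in the clear.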