realms - Fluid Topics - 3.7

Fluid Topics Configuration and Administration Guide

Category: Reference Guides
Audience: public
Version: 3.7

The "realms" parameter of the authentication object defines the list of authentication realms used in the portal.

It is composed of the following elements:

  • "type": declares the type of realm from the following:
  • "name": defines the realm identifier for the portal. This identifier must be unique for each realm. If it is modified, the realm is considered a new realm.
  • "configuration": defines the configuration for the realm. For more information about the settings of a specific realm, consult the documentation for that realm.
  • "overridesUserFromRealm": defines one or more realms to be migrated. This property expects the "name" of an existing realm from the "authentication" parameter. If an existing user account is found for the migrated realm(s), it is associated with a new account. Since Fluid Topics v3.7.44, it is possible to migrate multiple user authentication realms simultaneously. For more information, see Migrate User Authentication Realms.

It is mandatory to declare at least one realm, but configuring realms is optional. If not configured, the authentication/user account feature will not be available on the portal.

Example

{
  "ui": {
    ...
    "authentication": {
      ...
      "realms": [
        {
          "name": "internal-realm",
          "type": "internal"
        },
        {
          "name": "static-realm",
          "type": "static",
          "configuration": {
            "mail": "static-account@fluidtopics.com",
            "password": "aXHBEChodHJgUflzzezf1er5ig=",
            "name": "Static Account Username",
            "groups": "group1|group2",
            "roles": "KHUB_ADMIN|ADMIN|PERSONAL_BOOK_USER"
          }
        },
        {
          "name": "ldap-realm",
          "type": "ldap",
          "configuration": {
            "url": "ldaps://ldap.url",
            "systemUser": "cn=reader,dc=antidot,dc=net",
            "systemPassword": "password",
            "searchBase": "dc=antidot,dc=net",
            "loginAttribute": "mail",
            "nameAttribute": "cn",
            "mailAttribute": "mail",
            "authenticationMechanism": "simple"
          }
        },
        {
          "name": "google-realm",
          "type": "google",
          "configuration": {
            "key": "akey",
            "secret": "asecret",
            "overridesUserFromRealm": "internal-realm"
          }
        },
        {
          "name": "facebook-realm",
          "type": "facebook",
          "configuration": {
            "key": "akey",
            "secret": "asecret"
          }
        },
        {
          "name": "twitter-realm",
          "type": "twitter",
          "configuration": {
            "key": "akey",
            "secret": "asecret"
          }
        },
        {
          "name": "saml-realm",
          "type": "saml2",
          "configuration": {
            "name": "saml",
            "keystoreFile": "saml/keystore.jks",
            "keystorePassword": "keystore_password",
            "privateKeyPassword": "private_key_password",
            "entityId": "http://hostname/$TENANT_ID/",
            "idpMetadataFile": "saml/idp_metadata.xml",
            "idPropertyKey": "user_id",
            "mailPropertyKey": "user_mail",
            "namePropertyKey": "user_name",
            "maxAuthenticationLifetime": "numerical_value"
          }
        }
      ],
      ...
    },
    ...
  }
}

As the example above shows, more than one authentication realm can be declared on the portal.
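
The rules stated above (at least one realm, unique "name" values, "overridesUserFromRealm" naming an existing realm) can be checked before a configuration is deployed, along with placeholder secrets copied from the example and LDAP URLs that do not use ldaps://. The following Python linter is an added example, not Fluid Topics code: lint_realms and its constants are hypothetical names, and it assumes "overridesUserFromRealm" may sit on the realm or inside "configuration", as a string or a list, since this page does not show the multi-realm syntax.

```python
import json

# Placeholder secrets that appear in the documentation example on this page.
DOC_PLACEHOLDERS = {"password", "akey", "asecret", "keystore_password", "private_key_password"}
SECRET_KEYS = {"password", "systemPassword", "secret", "keystorePassword", "privateKeyPassword"}

def lint_realms(realms):
    """Return a list of findings for a parsed "realms" array (hypothetical helper)."""
    findings = []
    if not realms:
        findings.append("no realm declared: at least one is mandatory")
    names = [r.get("name") for r in realms]
    for name in sorted({n for n in names if names.count(n) > 1}, key=str):
        findings.append(f"duplicate realm name: {name!r}")
    for realm in realms:
        name, conf = realm.get("name"), realm.get("configuration", {})
        # Assumption: the property may sit on the realm or inside its
        # "configuration" (as in the page's example), as a string or a list.
        target = realm.get("overridesUserFromRealm", conf.get("overridesUserFromRealm", []))
        for t in [target] if isinstance(target, str) else target:
            if t == name:
                findings.append(f"{name}: overridesUserFromRealm points at itself")
            elif t not in names:
                findings.append(f"{name}: overridesUserFromRealm references unknown realm {t!r}")
        for key in sorted(SECRET_KEYS & conf.keys()):
            if conf[key] in DOC_PLACEHOLDERS:
                findings.append(f"{name}: {key} still holds a documentation placeholder")
        if realm.get("type") == "ldap" and not str(conf.get("url", "")).startswith("ldaps://"):
            findings.append(f"{name}: LDAP url does not use ldaps://")
    return findings

# Constructed sample, not a real portal configuration.
SAMPLE = json.loads("""
[
  {"name": "internal-realm", "type": "internal"},
  {"name": "ldap-realm", "type": "ldap",
   "configuration": {"url": "ldap://ldap.example.test", "systemPassword": "password"}},
  {"name": "google-realm", "type": "google",
   "configuration": {"key": "k-constructed", "secret": "s-constructed",
                     "overridesUserFromRealm": "internal-relm"}},
  {"name": "ldap-realm", "type": "facebook",
   "configuration": {"key": "k-constructed", "secret": "asecret"}}
]
""")

if __name__ == "__main__":
    for finding in lint_realms(SAMPLE):
        print(finding)
```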