Configuration of Authentication, Group Assignment and Transfer of Properties
You must explicitly specify which of the connected user management systems or SSO systems should be used to authenticate users and assign them to user groups. In this context, you can optionally specify one or more of the systems as sources from which certain properties of a user, such as clear name or e-mail address, are transferred to Cadenza, where they can be used via user variables.
Alternatively or additionally, you can allow anonymous use, which should usually be possible if individual Cadenza contents are embedded in public portals or websites or if Cadenza itself is operated as a portal.
A file-based test user administration is connected in the delivered Cadenza version, so that access to Cadenza is immediately possible. Check whether access with these test credentials must be prevented as soon as you start working with your own data and, if necessary, deactivate the plugin or remove the associated authenticator, group mapper and property mapper.
The required plugin user management (AccessManager) is already activated in the Cadenza version supplied.
The corresponding configuration file accessmanager config must be adapted.
Overview of the Possible Values for the refid Attributes
| System | refid | interactive | <authenticator> | <groupMapping> | <propertyMapping> |
|---|---|---|---|---|---|
| LDAP | LDAP | ✅ | ✅ | ✅ | ✅ |
| XML user management | Embedded | ✅ | ✅ | ✅ | ✅ |
| Cadenza-Desktop user management | CadenzaDB | ✅ | ✅ | ✅ | ✅ |
| SSO: SPNEGO | SPNEGO | – | ✅ | – | – |
| SSO: JWT | JWT | – | ✅ | ✅ | – |
| SSO: OAuth | OAuth | – | ✅ | ✅ | ✅ |
| Transfer of user name in the HTTP header | autologin-httpheader | – | ✅ | – | – |
| Extraction of part of the user name as a user variable | UserName | – | – | – | ✅ 1) |

1) Source for user properties via user name:
The userpropertiesfromusername config can be used to extract a part of the user name as a user property, as in the example below:
```xml
<userPropertiesFromUserNameConfiguration>
  <properties>
    <property name="username_two_char" usernameregex="^.{2}"/>
  </properties>
</userPropertiesFromUserNameConfiguration>
```
For the above file to be used, each authenticator defined in the accessmanager config needs an extra property mapping with refid="UserName" in addition to the property mapping of the associated authenticator, as in the example below:
```xml
...
<authenticators>
  <authenticator refid="OAuth">
    <groupMapping refid="OAuth"/>
    <propertyMapping refid="OAuth"/>
    <propertyMapping refid="UserName"/>
  </authenticator>
  <authenticator refid="Embedded">
    <groupMapping refid="Embedded"/>
    <propertyMapping refid="Embedded"/>
    <propertyMapping refid="UserName"/>
  </authenticator>
</authenticators>
...
```
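One way to check an `<authenticators>` block against the refid table above before deploying it. This is an added example, not part of Cadenza or its documentation. It reads each ✅ as "this refid may be used in this element" and assumes the elements carry no XML namespace. The function name `audit`, the `review_refids` parameter and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements in which each refid may appear, transcribed from the table above.
ALL = {"authenticator", "groupMapping", "propertyMapping"}
ALLOWED = {
    "LDAP": ALL, "Embedded": ALL, "CadenzaDB": ALL, "OAuth": ALL,
    "SPNEGO": {"authenticator"},
    "JWT": {"authenticator", "groupMapping"},
    "autologin-httpheader": {"authenticator"},
    "UserName": {"propertyMapping"},
}

def audit(xml_text, review_refids=frozenset()):
    """Return findings for the <authenticator> entries in xml_text.

    review_refids: authenticators the operator wants reported whenever they
    are still configured (for example the one backing test credentials).
    """
    findings = []
    root = ET.fromstring(xml_text)
    for auth in root.iter("authenticator"):
        mappings = [e for e in auth if e.tag in ("groupMapping", "propertyMapping")]
        for elem in [auth, *mappings]:
            refid = elem.get("refid")
            if refid not in ALLOWED:
                findings.append(f"<{elem.tag}>: unknown refid {refid!r}")
            elif elem.tag not in ALLOWED[refid]:
                findings.append(f"<{elem.tag}>: refid {refid!r} not listed for this element")
        if auth.get("refid") in review_refids:
            findings.append(f"authenticator {auth.get('refid')!r} is still configured")
    return findings

# Constructed sample, not a shipped configuration.
SAMPLE = """<authenticators>
  <authenticator refid="SPNEGO">
    <groupMapping refid="SPNEGO"/>
    <propertyMapping refid="UserName"/>
  </authenticator>
  <authenticator refid="Embedded">
    <groupMapping refid="Embedded"/>
    <propertyMapping refid="Embedded"/>
  </authenticator>
</authenticators>"""

if __name__ == "__main__":
    # Assumption: "Embedded" is the authenticator behind the test users.
    for line in audit(SAMPLE, review_refids={"Embedded"}):
        print(line)
```

Pass in `review_refids` whichever refid backs the test user administration in your installation; the example uses `Embedded` only as an assumption.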