Standard Patterns Reference
The diagrams below are UML-style class diagrams. Colored boxes represent patterns, properties are depicted as fields, arrows indicate inheritance or indicate required pattern references (assignment).
Optional pattern references are shown as fields only (no arrows). Advanced properties have been omitted.
For detailed information about each pattern, refer to the help available in the GUI (see Working with Patterns). The Pattern Library - Properties Summary report, which is also available from the GUI, lists the actual classes and technical keys that have to be used when working with patterns in YAML format.
The following PDF shows all the patterns that are included in nevisAdmin 4.8, August 2020 release. If you would like to print this diagram, we recommend using at least an A1 size sheet.
Application Protection patterns are the main building block for nevisProxy Instances.
The Web Application, REST Service, and SOAP Service patterns should be used to expose backend applications on a nevisProxy Virtual Host. See Protecting a Web Application for details.
The following patterns are not shown:
- Generic nevisProxy Instance Settings
- Generic nevisProxy Log Settings
- nevisProxy Log Settings
The Unauthentication Realm can be used to configure session management for public applications which are not protected by a normal Realm.
The following diagram shows add-on patterns which can be assigned to Virtual Host patterns, application patterns or both.
Most addon patterns map a filter to the Frontend Paths of the application (or
/*) but some of them also have an impact on how the connector for the application (the HttpsConnectorServlet) is generated.
The following diagrams show patterns to set up nevisAuth and nevisLogrend instances. There are various add-on patterns to control the log levels, set up facades (e.g. Radius) and connect to a remote session store. For further information about authentication see Configuring Authentication Use Cases.
Patterns implementing the Realm interface provide single-sign-on for applications. The following diagram shows the recommended type of realm, the Authentication Realm. This pattern uses authentication steps as building blocks to define authentication flows:
Identity Management patterns can be used to set up and use a nevisIDM Instance.
The nevisIDM Administration GUI makes the web interface accessible on a nevisProxy Virtual Host.
Patterns implementing InitialStepPattern can be used as the first step of the Initial Authentication Flow in an Authentication Realm. For instance, use the nevisIDM Password Login for username/password authentication.
There are various authentication step patterns for second factor authentication based on the credentials of the current user. See Configuring Identity Management Use Cases for further information.
Note that only the most important patterns are displayed to keep the diagram simple and easy to read.
The following types of patterns are not shown:
- Patterns which define the nevisIDM database connection (NevisIDMDatabase).
- Patterns which configure the nevisIDM log (NevisIDMLoggingAddon).
- Patterns for generic and advanced configuration.
These patterns set up a log file monitoring solution based on Elasticsearch, Logstash and Kibana.
The Elastic Beats Instance pattern can reference patterns implementing the MonitorablePattern instance.
As instance patterns implement this interface and the inheritance is not shown in the other diagrams as it makes them hard to read.
The patterns for Mobile Authentication are used to set up passwordless authentication.
Use the Authentication Cloud pattern if you use mobile authentication as a service.
See the pattern help and Configuring Mobile Authentication Use Cases for further information.
nevisAuth can issue tokens which are to be propagated to backend applications.
The most common token format in NEVIS setups is the NEVIS SecToken but there are various alternatives.
Patterns implementing TokenProviderPattern can be assigned in nevisAuth Realm patterns to declare that this realm can produce a certain token.
Patterns implementing TokenPropagationPattern know how to send a given token to a backend application.
Some patterns (e.g. NEVIS SecToken) implement both interfaces as both the format and the transmission is well defined.
The Authorization Policy pattern can be assigned to applications to trigger nevisAuth to issue a given token on first access to this application.
See the pattern help for further information on how to use these token patterns.
nevisAdmin 4 provides patterns to set up common SAML cases.
Assign a SAML SP Realm to your applications to enforce authentication via SAML, or use the SAML IDP pattern to expose an authentication realm as a SAML Identity Provider. See Configuring SAML for further information on how to set up these use cases.
Federation: OAuth and OpenID Connect
nevisAdmin 4 provides the required patterns to set up a nevisMeta Instance and expose the nevisMeta Web Console or REST Service on a nevisProxy Virtual Host. See Configuring OAuth and OpenID Connect on how to use nevisMeta.
User Behavior Analytics
The patterns for User Behavior Analytics consist of:
- addon patterns which can be assigned to protect applications (e.g. nevisDetect Analysis and Protection)
- various Instance patterns (printed in bold) and their dependencies
- patterns which can be used within an authentication flow (e.g. nevisDetect Authentication Connector)
See Configuring User Behavior Analytics on how to configure these patterns.
You can assign a KeyStoreProviderPattern wherever a private key and certificate is required. Likewise, patterns which implement TrustStoreProviderPattern can be assigned to provide trusted certificates.
nevisAdmin 4 provides various patterns implementing these interfaces. See Configuring Key Material and Certificates on when to best use which pattern.