Version: 4.5.x LTS

nevisAuth Plug-In Implementation Notes

The implementation notes are provided for informational purposes only. Due to changes in the components or best practices, the implementation may change in a future version of the patterns.

nevisAuth Instance Pattern

  • The nevisAuth Instance pattern creates and configures a nevisAuth instance. The nevisAuth instance is named according to the pattern name.
  • The nevisAuth instance requires a TCP Service port. It uses 8991 as default.
  • The pattern creates an automatic keystore and truststore unless you assign different key and trust provider patterns.

Authentication Realm Pattern

  • The Authentication Realm pattern creates a Domain element in the esauth4.xml file according to the pattern name.
  • The pattern uses the assigned Authentication Step patterns to build trees that describe the possible authentication flows.
  • Configures the authentication such that it points to the root of the tree for Initial Authentication.
  • Adds a Domain entry for stepup pointing to a state which chooses the correct session upgrade flow based on request:requiredRoles (containing the authentication level).

SAML SP Realm Pattern

  • Creates a Domain element in the esauth4.xml file according to the pattern name.
  • Adds a mapping to nevisProxy web.xml for the assertion consumer service URL. SAML responses returned by IDPs are consumed on this path.
  • Disables InterceptionRedirect for the application as this security feature is not required in combination with SAML.
  • Uses the assigned SAML IDP Connector patterns to create 1 ServiceProviderState for each associated IDP. The correct state is determined based on a configurable nevisAuth expression.
  • The final redirect of SP-initiated SAML logout can be defined by assigning the Logout pattern and setting the target URL there.
  • The SAML SP has its own session cookie, which by default is named Session_<patternName>.

SAML IDP Pattern

  • The SAML IDP pattern is an add-on which can be assigned to nevisAuth Realm patterns (except SAML SP Realm) via the property Authentication Services.
  • Adds a mapping to nevisProxy web.xml for the single-sign-on URL. SAML requests sent by SPs are consumed on this path.
  • For each assigned SAML SP Connector an IdentityProviderState is configured.