NevisIDMConnectionPool
The NevisIDMConnectionPool
provides access to the NevisIDM administration web service and is used by NevisIDMSource
and NevisIDMSink
. It supports three modes of authentication:
- Basic authentication uses basic HTTP authentication with a username and password.
- Client certificate authentication uses a client certification to authenticate for nevisIDM using nevisProxy.
- Ninja authentication uses the Nevis sectoken as credential to access the nevisIDM web services.
Configuration
Name | Type, usage constraints, defaults | Description |
---|---|---|
endpoint | required: paraVal default: none type: connection url | The connection URL pointing to the administration web service of nevisIDM. |
wstrustEndpoint | optional: paraVal default: none type: connection url | The connection URL pointing to the wstrust web services of nevisAuth. |
loginMode | required: paraVal default: none type: login-mode string | The login-mode determines the kind of authentication the pool uses:basic : Use basic HTTP authentication.proxyCert : Use a client certificate and nevisProxy.ninja : Use a Nevis sectoken. |
username | optional: paraVal default: none type: string | The username used for basic authentication. |
password | optional: paraVal default: none type: string sensitive: true | The password used for basic authentication. |
sslSettings | optional: paraMap default: none type: string/string | The SSL configuration settings used for this connection pool. It uses the Java system property names to set up the key- and truststores. |
wstrustSslSettings | optional: paraMap default: none type: connection url | The SSL configuration settings used to perform two-way SSL authentication with the wstrust endpoint. It uses the Java system property names to set up the key and trust stores. |
Examples
Example using an unencrypted connection and basic authentication
<object type="NevisIDMConnectionPool" name="adminService">
<dp:paraVal name="endpoint" value="http://localhost:8989/nevisidm/services/v1/AdminService"/>|http://localhost:8989/nevisidm/services/v1/AdminService]
<dp:paraVal name="loginMode" value="basicAuth"/>
<dp:paraVal name="username" value="techuser"/>
<dp:paraVal name="password" value="secret"/>
</object>
Example using an SSL connection
<object type="NevisIDMConnectionPool" name="adminService">
<dp:paraVal name="endpoint" value="https://localhost/nevisidm/services/v1/AdminService"/>
<dp:paraVal name="loginMode" value="proxyCert"/>
<dp:paraMap name="sslSettings">
<value name="javax.net.ssl.trustStore" value="truststore.jks"/>
<value name="javax.net.ssl.trustStorePassword" value="secret"/>
<value name="javax.net.ssl.trustStoreType" value="jks"/>
<value name="javax.net.ssl.keyStore" value="keystore.jks"/>
<value name="javax.net.ssl.keyStorePassword" value="secret"/>
<value name="javax.net.ssl.keyStoreType" value="jks"/>
</dp:paraMap>
</object>
Example using ninja
<object type="NevisIDMConnectionPool" name="nevisIDMService">
<dp:paraVal name="endpoint" value="https://localhost:8989/nevisidm/services/v1/AdminService"/>
<dp:paraVal name="wstrustEndpoint" value="https://localhost:8991/nevisauth/services/wst14/SecurityTokenService"/>
<dp:paraVal name="loginMode" value="ninja"/>
<!-- Two way SSL is used to access the wstrust endpoint -->
<dp:paraMap name="wstrustSslSettings">
<value name="javax.net.ssl.trustStore" value="nevisauth_truststore.jks"/>
<value name="javax.net.ssl.trustStorePassword" value="secret"/>
<value name="javax.net.ssl.trustStoreType" value="JKS"/>
<value name="javax.net.ssl.keyStore" value="techuser_keystore.jks"/>
<value name="javax.net.ssl.keyStorePassword" value="secret"/>
<value name="javax.net.ssl.keyStoreType" value="JKS"/>
</dp:paraMap>
<!-- One way SSL is used to connect to the admin service -->
<dp:paraMap name="sslSettings">
<value name="javax.net.ssl.trustStore" value="nevisidm_truststore.jks"/>
<value name="javax.net.ssl.trustStorePassword" value="secret"/>
<value name="javax.net.ssl.trustStoreType" value="JKS"/>
</dp:paraMap>
</object>