Database Authentication

on-site-related topic

If you do not have an LDAP system at your disposal for authenticating users you can use database security. The database security scheme stores users in a table with their passwords encrypted. A User Administration interface allows you to create users and roles and assign users to roles. All users, roles, and role-memberships are stored in the database, independent of any users or roles in the database.

Enabling Password Policies

Once you have configured database authentication, you enable password policies by creating a class in a Custom_ library implementing your desired policy and configure the system to run your code against the username and password every time a user attempts to change his password.

Process Flow

  1. Configure Redwood Server for database security in the admin server.
  2. Log in to Redwood Server with the scheduler-isolation-administrator role, the first user created during step 1.
  3. Create users and roles, assign the users to roles in User Administration.
  4. Import the users into Redwood Server.

Procedure

Configure the Admin Server for Database Security

  1. Stop the Redwood Server by running the script <install_dir>/j2ee/cluster/server1/bin/stop.{sh,cmd} and start the admin server with <install_dir>/j2ee/cluster/adminserver1/bin/start.{sh,cmd}.
  2. Navigate to http://<server>:<port>/scheduler-admin/tools (port defaults to 10185).
  3. Verify database and user credentials, choose Update and Connect.
  4. Choose Authentication Configuration and select Database.
  5. Fill in a username and password for the isolation administrator (the user has the scheduler-isolation-administration role); this will be the user that can administer users and roles.
  6. Log out of the admin server and stop the admin seaver by running the script <install_dir>/j2ee/cluster/adminserver1/bin/stop.{sh,cmd} and start the Redwood Server with <install_dir>/j2ee/cluster/server1/bin/start.{sh,cmd}.

Create Users and Roles

  1. Log in to Redwood Server with a user with the scheduler-isolation-administration.
  2. Navigate to Security > Users and choose User Administration.
  3. To create users:
  4. On the Users tab, choose New, fill in a username, password and select the roles the user should have. Choose Save.
  5. To create roles:
  6. On the Roles tab, choose New, fill in a name for the role and a description. Choose Save.
  7. When you are done, simply close the window.

Importing Users

  1. Navigate to Security > Users.
  2. Choose Import users from the context menu of Users.
  3. Enter the username or part of it with glob matching into the Search field and choose Search.
  4. Select the users to import and choose Import on the bottom right-hand side.
  5. To import more users, choose Import more or close the window.

Note: Users are automatically imported the first time the log in, when they have the scheduler-user or redwood-login role.

Changing your Password

  1. Navigate to Configuration > Change Password.
  2. Enter the old and new password in the required field. Note that your administrator might have enabled password policies.

See Also