Authentication Service Creation


The authentication service specifies the user pool that is exported to clients. Authentication services can be defined as database, LDAP or in-memory types. These default authentication services are used during policy creation.

Figure: Database Authentication Service

  • Type: The type of the Authentication Service is mandatory. The fields change according to the selected type.
  • Name: Name of the authentication service.
  • Description: A description can be added to assist during management.
  • Database
    • Encryption Type: If the password is to be encrypted, the encryption type is selected. Once a type is selected, the relevant fields become active.
    • Encoding: The encoding type for the password is selected.
    • Pre-Salt: An arbitrary string of characters to be prepended to the password before it is encrypted.
    • Post-Salt: An arbitrary string of characters to be appended to the end of the password before it is encrypted.
    • Connection: The default database pool is selected from the list. Click the ‘New Database Connection Pool Definition’ button to create a new database connection pool. See the database connection pool definition for details.
    • Query: The query is written to retrieve the Username/Password pairs or the role list from the database. The username parameter in the query must be written as :username and, if there is a password parameter, it must be written as :password. Apinizer works with these special parameter names. Sample query: select role_name from t_user_role where email = :username and pwd = :password
    • Click to parse the query: Parses the entered query. Clicking this button activates the corresponding test fields.
    • Username value for test: To test the query, the value of the :username parameter is entered.
    • Password for test: To test the query, the value of the :password parameter is entered.
    • Test Query: The entered query is tested when the button is clicked.
    • Query Output: Output of the entered query.
  • LDAP/Active Directory
    • LDAP Connection: The predefined LDAP connection is selected from the list. Click the New LDAP Connection Pool Definition button to create a new LDAP connection pool. Click to see LDAP connection pool definition.
    • Authentication Type: When authenticating with LDAP, one of two methods can be used:
      • Basic Authentication: The username/password pair is sent to the LDAP server to check whether such a user exists.
      • Advanced Authentication: Using the username/password pair, the user’s properties, such as privileges, are queried.
    • Username statement: The username in the request message is validated by substituting it for {{username}} in this statement. Enter the statement that builds the LDAP search criteria from the username in the form it will arrive in the request message.
      • Examples: Suppose user1’s DN on the LDAP server is oid=user1,ou=People,dc=example,dc=com.
      • Example-1: If the username arrives as ‘user1’ in the request message, the expression should be written as follows: oid={{username}},ou=People,dc=example,dc=com
      • Example-2: If the username arrives as ‘oid=user1’ in the request message, the expression should be written as follows: {{username}},ou=People,dc=example,dc=com
      • Example-3: If the username arrives as ‘oid=kullanici1,ou=People,dc=example,dc=com’ in the request message, the expression should be written as follows: {{username}}
    • Test Formatting: Clicking this button tests the statement entered.
  • In Memory
    • Available User List: User definitions and the defined user list are managed through the Manage menu. The options in this menu are: Import - When this option is clicked, a new data group is defined in the window that opens. The following rules must be observed when creating a data group:
      • A data set consists of 2 or 3 parts separated from each other by the # character.
      • The first part is the username.
      • The second part is the password. If you do not want to define a password, you can leave it blank.
      • The third part is the role. If you want to define more than one role, separate the roles with commas.
      • Example1 - user1#password1#role1,role2,role3
      • Example2 - user2#password2
      • Example3 - user3#password3#role1,role2
      • Each data group must be written on a separate line, and special characters should not be used except for the ‘#’ character that separates the data elements. If a user name already exists in the list, that row is not processed!
      • Click the Import button to create the data group.
      • Generate - Clicking this option creates the data group automatically. The following settings are made in the window that opens:
        • Number of Users: The number of users of the data group is entered.
        • Generate password: When this option is active, a password is created for users.
        • Click the Generate button to create the data group.
      • Edit - The selected data is edited via the pop-up window.
      • Delete - Clicking this option deletes the selected data.
      • Select all - Clicking this option will select all of the data in the user list.
      • Clear Selection - Clicking this option deselects the selected data.
      • Delete All - Clicking this option deletes all data in the list.
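The Database section above describes a query that binds the request credentials to the :username and :password parameters after the password has been salted and encrypted. The following added example (not Apinizer code) runs the page's sample query against a constructed in-memory SQLite table; it assumes the pre-salt is prepended, the post-salt appended, and the result SHA-256 hashed and hex-encoded, since the exact scheme is not on the page.

```python
import hashlib
import sqlite3

# Constructed sample rows for the t_user_role table used by the page's sample query.
SAMPLE_USERS = [
    ("alice@example.com", "s3cret", "admin"),
    ("alice@example.com", "s3cret", "reader"),
    ("bob@example.com", "hunter2", "reader"),
]

# The page's sample query, unchanged; :username and :password are bound parameters.
ROLE_QUERY = "select role_name from t_user_role where email = :username and pwd = :password"


def stored_password(password, pre_salt="", post_salt="", algorithm="sha256"):
    """Return the value compared against the pwd column.

    Assumption: pre-salt is prepended, post-salt appended, then the string is
    hashed and hex-encoded. The exact scheme Apinizer uses is not on the page.
    """
    material = (pre_salt + password + post_salt).encode("utf-8")
    return hashlib.new(algorithm, material).hexdigest()


def build_db(pre_salt, post_salt):
    """Create an in-memory SQLite table populated with the hashed sample passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table t_user_role (email text, pwd text, role_name text)")
    conn.executemany(
        "insert into t_user_role values (?, ?, ?)",
        [(e, stored_password(p, pre_salt, post_salt), r) for e, p, r in SAMPLE_USERS],
    )
    return conn


def roles_for(conn, username, password, pre_salt="", post_salt=""):
    """Run the role query with named parameters; the credentials never touch the SQL text."""
    params = {"username": username, "password": stored_password(password, pre_salt, post_salt)}
    return sorted(row[0] for row in conn.execute(ROLE_QUERY, params))


if __name__ == "__main__":
    db = build_db(pre_salt="pre-", post_salt="-post")
    print(roles_for(db, "alice@example.com", "s3cret", "pre-", "-post"))  # ['admin', 'reader']
    print(roles_for(db, "alice@example.com", "wrong", "pre-", "-post"))   # []
    # Because :username is bound as a literal value, a quote-laden input matches nothing.
    print(roles_for(db, "x' or '1'='1", "anything", "pre-", "-post"))     # []
```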
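The In Memory import rules above define the user#password#roles line format. The following added example (not Apinizer code) parses a constructed import according to those rules: 2 or 3 parts, an optional blank password, comma-separated roles, rejection of special characters, and a duplicate username leaving the row unprocessed. The allowed character set is an assumption, since the page only says special characters are not permitted.

```python
import re

# Assumption: the page bans "special characters" without listing the allowed set,
# so this conservative pattern stands in for that rule. '#' and ',' are separators.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9._@-]*$")


def parse_user_list(text):
    """Parse 'user#password#role1,role2' lines; returns (users, rejected)."""
    users, rejected = {}, []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split("#")
        if len(parts) not in (2, 3):
            rejected.append((line_no, "expected 2 or 3 '#'-separated parts"))
            continue
        name, password = parts[0], parts[1]
        roles = parts[2].split(",") if len(parts) == 3 else []   # password may be blank
        if not name:
            rejected.append((line_no, "empty username"))
            continue
        if not all(SAFE_TOKEN.match(t) for t in [name, password, *roles]):
            rejected.append((line_no, "special characters are not allowed"))
            continue
        if name in users:   # per the page: an existing username means the row is not processed
            rejected.append((line_no, "duplicate username; row ignored"))
            continue
        users[name] = {"password": password, "roles": [r for r in roles if r]}
    return users, rejected


# Constructed sample import: the page's three examples plus edge cases.
SAMPLE_IMPORT = """\
user1#password1#role1,role2,role3
user2#password2
user3#password3#role1,role2
user4#
user1#other#role9
bad$user#pw
toomany#pw#role#extra
"""

if __name__ == "__main__":
    parsed, skipped = parse_user_list(SAMPLE_IMPORT)
    print(parsed["user1"]["roles"])   # ['role1', 'role2', 'role3']
    print(parsed["user4"])            # {'password': '', 'roles': []}
    print(skipped)                    # rows 5, 6 and 7 with their reasons
```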