Authentication Methods for Customers in CM/Track

Available Authentication Methods

There are three possible authentication modes:

• Against the ConSol CM database
  This is called DATABASE mode, see Database Authentication for Customers
• Against an LDAP server
  This is called LDAP mode, see LDAP Authentication for Customers in CM/Track
• Against an LDAP server and the ConSol CM database
  The order can be configured. This is called Mixed mode, see Mixed Authentication Mode

Defining the Authentication Method

The authentication mode is specified by the system property cmas-core-security, contact.authentication.method. A change of this property does not require a server restart, and is propagated to all cluster nodes.

The possible values (see also section System Properties) and their respective system behaviors are:

• DATABASE
  Attempt a database login if the customer has a database password. I.e., the login and password are stored in the ConSol CM database and are thus managed by the ConSol CM engineers, or indirectly by the customers themselves when they reset their password. The customer can reset his own password, see section Password Reset Template for Customers Using CM/Track.
• LDAP
  Try authentication using the available LDAP server(s), if an LDAP ID is provided. I.e., the password is stored in the LDAP directory and cannot be changed via ConSol CM, neither by the customer nor by an engineer.
• LDAP,DATABASE
  First attempt authentication using the available LDAP server(s), if an LDAP ID is provided. On failure, try a database login if the customer has a database password.
• DATABASE,LDAP
  First attempt a database login if the customer has a database password. On failure try authentication using the available LDAP server(s) if an LDAP ID is provided.

The values are case insensitive, and commas and whitespace are ignored.