
How to configure Liberty's basicRegistry with LDAP?


Can Liberty perform HTTP Basic Authentication while taking user/password pairs from an LDAP registry?

Supposing that I have a working ldapRegistry, how do I bind it to basicRegistry (if I understand correctly, that is what I need to do) so that basicRegistry will take user/password pairs from LDAP?

<ldapRegistry id="LDAP" realm="SampleLdapIDSRealm"> 
      ...
</ldapRegistry>

Solution

  • Yes, Liberty can be configured to use LDAP registry or basic registry or both. Basic Authentication (or Form Login) is defined in the deployment descriptor (web.xml) of the web application. Here are your choices for the user registry:

    1) Configure LDAP user registry only: This assumes that all users who would like to log in to the web application using basic authentication are in the configured LDAP server.
    2) Configure Basic user registry only: In this case, all users/groups are defined in the server.xml file.
    3) If your users are spread between LDAP and Basic user registry, you can use federation of registries.

    If you are looking for how to bind security roles to users (in LDAP or another user registry), here is an example of defining the application binding in server.xml:

    <application type="war" id="myapp" name="myapp" location="${server.config.dir}/apps/myapp.war">
        <application-bnd>
            <security-role name="user">
                <group name="students" />
            </security-role>
            <security-role name="admin">
                <user name="gjones" />
                <group name="administrators" />
            </security-role>
            <security-role name="AllAuthenticated">
                <special-subject type="ALL_AUTHENTICATED_USERS" />
            </security-role>
        </application-bnd>
    </application>
    

    Configuring user registry with Liberty: https://www.ibm.com/support/knowledgecenter/en/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/cwlp_repository_federation.html

    Configuring authorization in Liberty: https://www.ibm.com/support/knowledgecenter/en/SSAW57_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_sec_rolebased.html