From 0f475676a645833d98facb2edba072891ca3094b Mon Sep 17 00:00:00 2001 From: meek0 Date: Thu, 25 Jul 2019 14:50:33 -0400 Subject: [PATCH] quick realm information --- index.rst | 1 + web-user-guide/realms.rst | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/index.rst b/index.rst index af2e5ce..9051005 100644 --- a/index.rst +++ b/index.rst @@ -35,6 +35,7 @@ Agate is the `OBiBa `_'s central authentication server which web-user-guide/groups web-user-guide/applications web-user-guide/tickets + web-user-guide/realms web-user-guide/administration .. toctree:: diff --git a/web-user-guide/realms.rst b/web-user-guide/realms.rst index 19d83de..66f39c6 100644 --- a/web-user-guide/realms.rst +++ b/web-user-guide/realms.rst 
@@ -1,2 +1,38 @@ Realms Management ================= + +A Realm is a data access object that provides authentication capabilites for Agate users user the underlying datasource's specific API to discover authorization data. + +Realm Types +----------- + +LDAP Realm +~~~~~~~~~~ + +A realm that authenticates users by using Lightweight Directory Access Protocol to query a Directory Access Agent. +This realm uses a user's Distinguished Name (DN) template to build queries. + +Active Directory Realm +~~~~~~~~~~~~~~~~~~~~~~ + +The only difference between this and the LDAP realm is the query template. +This realm queries by using a combination of a search filter and search base. + +SQL Database Realm +~~~~~~~~~~~~~~~~~~ + +``mysql``, ``mariadb`` and ``postgresql`` are supported. +This realm queries the user's password with the salt style used by the database. + +Salt styles include: + +- ``NO_SALT``: used when the password is in plain text. +- ``CRYPT``: uses the database's underlying cryptographic method to decrypt the password. +- ``COLUMN``: the salt column must be the second column included in the query. +- ``EXTERNAL``: uses the specified algorithm to decrypt the password. + + +Open ID Connect Realm +~~~~~~~~~~~~~~~~~~~~~ + +A realm that uses the OpenID Connect (`OIDC `_) protocol to authenticate users.
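
Review bot: In the "Salt styles include" list of web-user-guide/realms.rst, ``CRYPT`` and ``EXTERNAL`` are documented as ways to "decrypt the password" and ``NO_SALT`` as meaning the password "is in plain text". A salt belongs to one-way hashing, where the stored value is verified rather than decrypted, so this wording tells administrators that the SQL realm expects reversible or cleartext passwords in the database. Suggest describing each style in terms of how the stored hash is salted and compared, and stating explicitly whether ``NO_SALT`` means an unsalted hash or an unhashed password. The ``COLUMN`` item would also benefit from a short sample of the expected query showing the password column first and the salt column second, since the ordering requirement is easy to get wrong. Separately, the opening sentence has a typo ("capabilites") and a garbled clause ("for Agate users user the underlying datasource's specific API"), which probably should read "for Agate users using the underlying ...". In the LDAP section, "Directory Access Agent" is not the usual LDAP term; "Directory System Agent" is likely what is meant.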