The Authentication Gateway Spring Security implementation is configured in gateway_instance/webapps/ROOT/WEB-INF/sts-context.xml. It is a standard Spring Security XML configuration file that contains STS configuration details.
Note: The Authentication Gateway is an OpenEdge implementation of a Security Token Service (STS).
Usually, you will only need to modify the STS configuration in this file if you choose to add a different authentication provider.

The following shows the section of sts-context.xml that specifies the default authentication providers:

sts-context.xml

<b:property name="authenticationProviders">
    <b:map>				
		<b:entry key="ad" value-ref="adAuthenticationProvider"></b:entry>
		<b:entry key="ldap" value-ref="ldapAuthProvider"></b:entry>
		<b:entry key="oerealm" value-ref="OERealmAuthProvider"></b:entry>
		<b:entry key="_oeusertable" value-ref="OEDBAuthProvider"></b:entry>
		<b:entry key="_oslocal" value-ref="OSLocalAuthProvider"></b:entry>
		<b:entry key="properties" value-ref="PropertiesFileAuthProvider"></b:entry>
    </b:map>
</b:property>

This section shows the implementations for the default login providers. The domains configured in the domains.json file reference these authentication providers by name. Each provider is expected to implement the standard Spring IAuthenticationProvider interface.

The following is a brief description of each of the default authentication providers:

  • adAuthenticationProvider — This is an LDAP authentication provider for Microsoft's Active Directory. It is an offshoot of the primary LDAP provider, but limited in scope and functionality specific to Active Directory. It is provided as an alternative to the full LDAP authentication provider.
  • ldapAuthProvider — Makes use of the standard spring LDAP authentication provider implementation and requires an LDAP server configuration.
  • OERealmAuthProvider — Spring AuthenticationProvider that manages the task of authentication using a user account supplied by an AppServer Realm service. It directly uses the OERealmUserDetailsImpl bean to do the real work and create a Spring UserDetails object that will be placed in a Spring authentication token. For more information about the OERealm Authentication Provider, see OERealm user account configurations in Manage Progress Application Server (PAS) for OpenEdge.
  • OEDBAuthProvider — Spring AuthenticationProvider that manages the task of emulating an OpenEdge database's _user account by using an OERealm service. It directly uses the OEDBUserDetails bean to do the real work and create a Spring UserDetails object that will be placed in a Spring authentication token. Performs authentication of login requests using the OERealm ABL interface to an ABL class implementation, but modified for accessing the OpenEdge database user tables.
  • OSLocalAuthProvider — Performs authentication of login requests (a client-principal containing a user/password combination) for authentication by the local operating system.
  • PropertiesFileAuthProvider — Performs authentication of login requests (a client-principal containing a user/password combination) for authentication using the STS web application's WEB-INF/config/users.properties file.

For more information about Spring Security configuration, see the Spring Security documentation online.