HCL Commerce authentication model
The HCL Commerce authentication model is based on the following concepts: challenge mechanisms, authentication mechanisms and user registries.
HCL Commerce security model
Challenge mechanisms
A challenge mechanism specifies how a server challenges and retrieves authentication data from a user. HCL Commerce supports the following authentication methods or challenge mechanisms:
- Form-based or custom authentication: This authentication mechanism permits a site-specific or store-specific login through an HTML page or a JSP form.
Authentication mechanisms
An authentication mechanism verifies user authentication data against an associated user registry. After the authentication process, HCL Commerce issues an authentication token that is associated with the user on every subsequent request. The token is terminated when the user logs off or closes the browser.
- Database authentication: This is the process of verifying that the logon ID and password supplied by the user are valid when compared to the authentication information stored in the HCL Commerce database.
- LDAP bind: This is the process of verifying that the logon ID and password supplied by the user are valid by performing an LDAP bind operation.
- Third-party authentication: This is the process of verifying the logon ID and password supplied by the user against a third-party user registry. To use third-party authentication, you need to provide an implementation of the ExternalSystemAuthenticationCmd interface.
MemberSubSystem/AuthenticationMode
Where applicable values are:
- DB for database authentication.
- LDAP for LDAP bind.
- OTHER for third-party authentication.
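The following added example (Python, not HCL Commerce code) models how the three AuthenticationMode values select a verification path and how an unrecognised value fails closed. The registries, DN template, password hashing scheme and the `external` callable are assumptions made for illustration; the LDAP path also rejects empty passwords before binding, because a directory server may accept those as an unauthenticated bind.

```python
import hashlib
import hmac

VALID_MODES = {"DB", "LDAP", "OTHER"}  # the values listed on this page

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed sample registries (not real data, not the HCL Commerce schema).
_SALT = bytes.fromhex("a1b2c3d4e5f60718")
DB_REGISTRY = {"alice": (_SALT, _kdf("correct horse", _SALT))}
LDAP_DIRECTORY = {"uid=bob,ou=people,o=example": "bobs-passphrase"}

def db_verify(logon_id: str, password: str) -> bool:
    """Database authentication: compare against the stored, salted hash."""
    salt, stored = DB_REGISTRY.get(logon_id, (_SALT, b""))
    # Run the KDF and a constant-time compare even for unknown logon IDs.
    return hmac.compare_digest(_kdf(password, salt), stored)

def simulated_ldap_bind(dn: str, password: str) -> bool:
    """Stand-in for a directory server that is configured to accept an
    unauthenticated bind (DN plus empty password, RFC 4513 section 5.1.2)."""
    if password == "":
        return True
    expected = LDAP_DIRECTORY.get(dn)
    return expected is not None and hmac.compare_digest(password.encode(), expected.encode())

def ldap_verify(logon_id: str, password: str) -> bool:
    """LDAP bind: the bind result is the verdict, so guard the inputs first."""
    # Reject empty passwords and IDs that would need DN escaping (assumed template).
    if not password or not logon_id.isalnum():
        return False
    return simulated_ldap_bind(f"uid={logon_id},ou=people,o=example", password)

def authenticate(mode: str, logon_id: str, password: str, external=None) -> bool:
    """Dispatch on AuthenticationMode; anything unrecognised fails closed."""
    if mode not in VALID_MODES:
        raise ValueError(f"unsupported AuthenticationMode: {mode!r}")
    if mode == "DB":
        return db_verify(logon_id, password)
    if mode == "LDAP":
        return ldap_verify(logon_id, password)
    # OTHER: delegate to a site-supplied verifier (hypothetical callable here).
    return bool(external and external(logon_id, password))
```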
User registry
The user registry is a repository that contains user information, and the user's authentication information (for example, the password). Authentication information provided by a principal (that is, the representation of a human user or system entity in a user registry) can be verified or validated against the user registry.
HCL Commerce supports user registries based on two user domains: LDAP user registry and the HCL Commerce database.
An LDAP server is typically used when multiple software applications need to interact with a common set of users and organizations, for example, to implement an HCL Commerce Single Sign-On solution.