AuthenticationAlgorithm constants
AuthenticationAlgorithm constants specify which authentication search strategy is selected when a HCL Compass user logs on.
Constant | Value | Description |
---|---|---|
_LDAP_FIRST | 1 | Authenticate against an LDAP server as the preference, and failing that, attempt to authenticate using HCL Compass authentication. Allows for traditional HCL Compass authentication. |
_CQ_FIRST | 2 | Authenticate using traditional HCL Compass user authentication as the preference, and failing that, attempt to authenticate using LDAP authentication. |
_CQ_ONLY | 3 | Traditional HCL Compass user authentication. Does not allow LDAP authentication. This is the default mode. |
Setting the AuthenticationAlgorithm for the schema repository
controls how HCL Compass searches
to find the correct authentication method. Specifically, the AuthenticationAlgorithm
controls the search flow.
- LDAP_FIRST: HCL Compass attempts
to authenticate the user against the configured LDAP server.
- If the authentication succeeds, the HCL Compass user
records are searched for the user record that corresponds to that
LDAP account. The correspondence is through a mapping of a particular
(configurable) HCL Compass user
profile field to a (configurable) LDAP attribute field of the LDAP
user account just authenticated against. Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the HCL Compass and LDAP mapping field. The corresponding Compass API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the (
USER_ADMIN
user privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute. - If the authentication fails, there is a chance that the login
is a traditional HCL Compass authenticated
user. HCL Compass attempts
the traditional HCL Compass authentication.
- If successful, HCL Compass continues.
- If unsuccessful, HCL Compass returns an error.
- If the authentication succeeds, the HCL Compass user
records are searched for the user record that corresponds to that
LDAP account. The correspondence is through a mapping of a particular
(configurable) HCL Compass user
profile field to a (configurable) LDAP attribute field of the LDAP
user account just authenticated against.
- CQ_FIRST: HCL Compass attempts
a traditional HCL Compass authentication
and searches for a HCL Compass user
record that matches the login name:
- If the search succeeds, HCL Compass checks
the HCL Compass user
record to see if it is configured as a HCL Compass authenticated
user:
- If configured for HCL Compass authentication, performs traditional authentication.
- If configured as LDAP, performs LDAP authentication. The HCL Compass to LDAP mapping correlation must map back to this same HCL Compass user account, or an error is generated.
- If the search fails, performs an LDAP authentication, in case
the user is an LDAP authenticated user:
- If successful, allows the user to access HCL Compass as
normal If the authentication succeeds, the HCL Compass user records are searched for the user record that corresponds to that LDAP account. The correspondence is through a mapping of a particular (configurable) HCL Compass user profile field to a (configurable) LDAP attribute field of the LDAP user account just authenticated against.Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the HCL Compass and LDAP mapping field. The corresponding HCL Compass API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the Administrator (
USER_ADMIN
user privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute and be unique among HCL Compass and LDAP users. See CQLDAPMap field constants. - If unsuccessful, HCL Compass returns an error.
- If successful, allows the user to access HCL Compass as
normal
- If the search succeeds, HCL Compass checks
the HCL Compass user
record to see if it is configured as a HCL Compass authenticated
user:
- CQ_ONLY: Performs traditional HCL Compass authentication. Does not attempt to perform an LDAP authentication. This is the default.