Schema Repository AuthenticationAlgorithm

The AuthenticationAlgorithm controls the authentication search logic. It can restrict the authentication algorithm to use only the traditional DevOps Plan Authentication scheme, or it can allow both DevOps Plan and LDAP authentication for the database set. The administrator configures an AuthenticationAlgorithm to be used when authenticating users by specifying the algorithm for the schema repository as a whole.

The following AdminSession object functions allow you to manage and change the authentication control flow.
  • SetAuthenticationAlgorithm(AuthenticationAlgorithm);
  • GetAuthenticationAlgorithm( );
Note: The GetAuthenticationAlgorithm method returns a cached value of the AuthenticationAlgorithm which is initialized when the AdminSession object is created. The returned value will not reflect a newly updated value changed (by calling the SetAuthenticationAlgorithm method or using the installutil setauthenticationalgorithm command) until the AdminSession object is closed and a new AdminSession object is created and used instead.
The valid values for the authentication algorithm are:
  • LDAP_FIRST: authenticates against an LDAP server as the preference, and also allows traditional DevOps Plan authentication.
  • CQ_FIRST: The DevOps Plan schema repository is searched first for a DevOps Plan user profile record with the same user name as the given login name, and the user is authenticated based on the AuthenticationMode for that user record. If there is no DevOps Plan user profile record with the given login name, then LDAP authentication is attempted.
  • CQ_ONLY: traditional DevOps Plan user authentication. Does not allow LDAP authentication. This is the default mode.

See AuthenticationAlgorithm for more information on these algorithm types. For more information on the methods, see GetAuthenticationAlgorithm and SetAuthenticationAlgorithm.

Note: Traditional DevOps Plan authentication is always an option for user accounts.

Changing the AuthenticationAlgorithm for the schema repository as a whole does not change the authentication mode for any existing DevOps Plan user accounts. To change the mode of authentication for a particular user, the administrator must change the AuthenticationMode for that particular user. See User AuthenticationMode