AuthenticationAlgorithm constants

AuthenticationAlgorithm constants specify which authentication search strategy is selected when a DevOps Plan user logs on.

| Constant | Value | Description |
|---|---|---|
| _LDAP_FIRST | 1 | Authenticate against an LDAP server as the preference, and failing that, attempt to authenticate using DevOps Plan authentication. Allows for traditional DevOps Plan authentication. |
| _CQ_FIRST | 2 | Authenticate using traditional DevOps Plan user authentication as the preference, and failing that, attempt to authenticate using LDAP authentication. |
| _CQ_ONLY | 3 | Traditional DevOps Plan user authentication. Does not allow LDAP authentication. This is the default mode. |

Setting the AuthenticationAlgorithm for the schema repository controls how DevOps Plan searches to find the correct authentication method. Specifically, the AuthenticationAlgorithm controls the search flow.
  • LDAP_FIRST: DevOps Plan attempts to authenticate the user against the configured LDAP server.
    • If the authentication succeeds, the DevOps Plan user records are searched for the user record that corresponds to that LDAP account. The correspondence is through a mapping of a particular (configurable) DevOps Plan user profile field to a (configurable) LDAP attribute field of the LDAP user account just authenticated against.
      Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the DevOps Plan and LDAP mapping field. The corresponding DevOps Plan Schema API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the Administrator (USER_ADMIN user privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute.
    • If the authentication fails, there is a chance that the login is a traditional DevOps Plan authenticated user. DevOps Plan attempts the traditional DevOps Plan authentication.
      • If successful, DevOps Plan continues.
      • If unsuccessful, DevOps Plan returns an error.
  • CQ_FIRST: DevOps Plan attempts a traditional DevOps Plan authentication and searches for a DevOps Plan user record that matches the login name:
    • If the search succeeds, DevOps Plan checks the DevOps Plan user record to see if it is configured as a DevOps Plan authenticated user:
      • If configured for DevOps Plan authentication, performs traditional authentication.
      • If configured as LDAP, performs LDAP authentication. The DevOps Plan to LDAP mapping correlation must map back to this same DevOps Plan user account, or an error is generated.
    • If the search fails, performs an LDAP authentication, in case the user is an LDAP authenticated user:
      • If successful, allows the user to access DevOps Plan as normal.
        If the authentication succeeds, the DevOps Plan user records are searched for the user record that corresponds to that LDAP account. The correspondence is through a mapping of a particular (configurable) DevOps Plan user profile field to a (configurable) LDAP attribute field of the LDAP user account just authenticated against.
        Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the DevOps Plan and LDAP mapping field. The corresponding DevOps Plan Schema API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the Administrator (USER_ADMIN user privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute and be unique among DevOps Plan and LDAP users. See CQLDAPMap field constants.
      • If unsuccessful, DevOps Plan returns an error.
  • CQ_ONLY: Performs traditional DevOps Plan authentication. Does not attempt to perform an LDAP authentication. This is the default.
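
The search flow above, modeled as an added Python example (it is not DevOps Plan code and does not use the DevOps Plan API). The user records, the LDAP entries, the choice of Email as the mapping field, the "mail" LDAP attribute, and every function name are constructed assumptions; credential checks are stand-ins for the real bind and password verification.

```python
# Constructed model of the search flow on this page; not DevOps Plan code.
LDAP_FIRST, CQ_FIRST, CQ_ONLY = 1, 2, 3  # values from the constants table

class AuthError(Exception):
    """Raised where the page says DevOps Plan returns or generates an error."""

# Constructed sample data; assumes the Email field maps to LDAP attribute "mail".
USERS = {  # DevOps Plan user records keyed by login name
    "alice": {"mode": "CQ", "password": "local-pw", "Email": "alice@example.test"},
    "bob": {"mode": "LDAP", "password": None, "Email": "bob@example.test"},
}
LDAP = {  # LDAP accounts keyed by login name
    "bob": {"password": "dir-pw", "mail": "bob@example.test"},
    "carol": {"password": "dir-pw", "mail": "carol@example.test"},  # unmapped
}

def ldap_auth(login, password):
    """Stand-in for an LDAP bind: return the entry on success, else None."""
    entry = LDAP.get(login)
    return entry if entry and entry["password"] == password else None

def map_to_record(entry):
    """Return the one user record whose mapping field equals the LDAP attribute."""
    hits = [n for n, u in USERS.items() if u["Email"] == entry["mail"]]
    if len(hits) != 1:
        raise AuthError("no unique user record for this LDAP account")
    return hits[0]

def cq_auth(login, password):
    user = USERS.get(login)
    if user and user["mode"] == "CQ" and user["password"] == password:
        return login
    raise AuthError("traditional authentication failed")

def authenticate(algorithm, login, password):
    """Return (user record, path taken) or raise AuthError."""
    if algorithm not in (LDAP_FIRST, CQ_FIRST, CQ_ONLY):
        raise ValueError("unknown AuthenticationAlgorithm value")
    user = USERS.get(login)
    if algorithm == CQ_ONLY or (algorithm == CQ_FIRST and user and user["mode"] == "CQ"):
        return cq_auth(login, password), "CQ"
    entry = ldap_auth(login, password)  # LDAP_FIRST, or CQ_FIRST without a CQ-mode record
    if entry is None:
        if algorithm == LDAP_FIRST:  # failed bind falls through to traditional auth
            return cq_auth(login, password), "CQ fallback"
        raise AuthError("LDAP authentication failed")
    mapped = map_to_record(entry)
    if algorithm == CQ_FIRST and user and mapped != login:
        raise AuthError("mapping does not lead back to this user record")
    return mapped, "LDAP"
```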