FIXICC Agent configuration for LDAP

FIXICC Agent can be configured to authenticate users and authorize them by role through LDAP. It uses the Apache Shiro security framework for user authorization and authentication, and this framework is easily adapted to work with LDAP. A sample configuration and its description are given below. The sample uses the security module of the Apache Isis framework, which not only authenticates users and checks their roles but also assigns specific permissions to them.

Example of FIXICC Agent security configuration file (security.properties)

Here is a sample configuration for FIXICC Agent (security.properties):

[main]
contextFactory = org.apache.isis.security.shiro.IsisLdapContextFactory
contextFactory.url = ldap://localhost:10389
contextFactory.authenticationMechanism = simple
contextFactory.systemAuthenticationMechanism = simple
contextFactory.systemUsername = uid=admin,ou=system
contextFactory.systemPassword = secret

ldapRealm = org.apache.isis.security.shiro.IsisLdapRealm
ldapRealm.contextFactory = $contextFactory
ldapRealm.userDnTemplate = uid={0},ou=users,o=fixicc

ldapRealm.searchBase = o=fixicc
ldapRealm.groupObjectClass = groupOfUniqueNames
ldapRealm.uniqueMemberAttribute = uniqueMember
ldapRealm.uniqueMemberAttributeValueTemplate = uid={0}

ldapRealm.rolesByGroup =\
  user_role: read_only_user,\
  anonimouse_role: read_only_user,\
  admin_role: admin

ldapRealm.permissionsByRole=\
   read_only_user = SessionsList,ServerStatus,SessionParams,SessionsParametersSubscription,\
SessionStatus,SessionsSnapshot,SessionStat,GeneralSessionsStat,MeasurementPointList,\
MeasurementPointStatistic,LatencyAlertSubscription,AverageReceivedStat,AverageSentStat,\
AverageValidateStat,ReceivedStat,SentStat,ProceedStat,Help; \
   admin = *

securityManager.realms = $ldapRealm

This configuration resolves users through the LDAP server at ldap://localhost:10389. It also defines two roles for FIXICC users, read_only_user and admin, together with their permissions. With this approach, the permissions for each role must be listed explicitly in the configuration file.
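An added example (not part of FIXICC Agent or its documentation): a small Python review script that reads a security.properties file in the format shown above, resolves which permissions each LDAP group ends up with through rolesByGroup and permissionsByRole, and flags three settings worth reviewing. The parsing rules are inferred from the sample's syntax, the three checks are this example's own heuristics, and SAMPLE is a shortened, constructed copy of the file.

```python
import re
# Constructed sample: a shortened copy of the security.properties shown above.
SAMPLE = r"""
[main]
contextFactory.url = ldap://localhost:10389
contextFactory.authenticationMechanism = simple
contextFactory.systemPassword = secret
ldapRealm.rolesByGroup =\
  user_role: read_only_user,\
  anonimouse_role: read_only_user,\
  admin_role: admin
ldapRealm.permissionsByRole=\
   read_only_user = SessionsList,ServerStatus,Help; \
   admin = *
"""

def parse_props(text):
    """Join backslash-continued lines, then split each line on its first '='."""
    props = {}
    for line in re.sub(r"\\[ \t]*\n[ \t]*", "", text).splitlines():
        key, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith(("#", ";")):
            props[key.strip()] = value.strip()
    return props

def effective_permissions(props):
    """Resolve LDAP group -> role -> permissions (syntax assumed from the sample)."""
    perms = {}
    for entry in props["ldapRealm.permissionsByRole"].split(";"):
        role, _, plist = entry.partition("=")
        perms[role.strip()] = {p.strip() for p in plist.split(",") if p.strip()}
    pairs = (p.partition(":") for p in props["ldapRealm.rolesByGroup"].split(","))
    return {g.strip(): perms.get(r.strip(), set()) for g, _, r in pairs}

def audit(props):
    """Return review findings; the three checks are this example's own heuristics."""
    findings = []
    if (props.get("contextFactory.url", "").startswith("ldap://")
            and props.get("contextFactory.authenticationMechanism") == "simple"):
        findings.append("simple bind on an ldap:// URL: no TLS on the connection")
    if props.get("contextFactory.systemPassword"):
        findings.append("systemPassword stored in the file: restrict read access")
    for group, perms in effective_permissions(props).items():
        if "*" in perms:
            findings.append(f"LDAP group {group} maps to a wildcard (*) role")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_props(SAMPLE))))
```

Run against the full file, effective_permissions shows at a glance that every member of the LDAP group mapped to admin receives all permissions, which is the mapping to review first when group membership changes.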

Security properties description

Now let's describe each property from this config file:

Our sample configuration means that:

LDAP server configuration

An example of LDAP server configuration can be found in the LDAP server configuration guide.

More information: