Version 9.6
 —  Authentication Topics and LDAP  —

Overview of User Repositories

In general terms, a user repository is a set of user credentials (optionally including items such as user certificates), possibly supplemented with information such as the groups to which a user belongs and the user's address, telephone number and email address. Often, an enterprise implements a central user repository that applications throughout a network can use to authenticate users: when a user tries to log in to an application, the application sends a request to the user repository to check whether the supplied credentials are valid. The user repository is usually created and maintained separately from the applications that use it.

A newly installed CentraSite system is configured to authenticate users against an internal text file. This is intended to enable an administrator to log in and modify the configuration as required to meet enterprise requirements. Typically, and in particular in a distributed environment involving one or more Application Server Tiers and a separate Registry/Repository, an external repository such as Active Directory or LDAP will form the core of the authentication process.

The following sections describe how you can configure CentraSite for use with user repositories.


Selecting a User Repository for Authentication

Access to information stored in CentraSite generally requires a user name and password, to ensure that data can only be stored, modified or retrieved by authorized users. CentraSite supports the following types of user repository:

CentraSite maintains information about each kind of user repository in so-called authentication configurations. An authentication configuration specifies the type of user repository to be used and any parameters that are required to configure the user repository. CentraSite is delivered with one predefined authentication configuration, namely the configuration to use an internal text file, and this configuration is the default configuration. You can define additional authentication configurations; also, you can set any one of the defined configurations to be the default configuration.

See the section Creating Authentication Configurations for information about defining authentication configurations and setting the default authentication configuration.

In general, user authentication information is stored in the user repository, not in CentraSite. CentraSite can contain a copy of selected data fields from the user repository for each registered CentraSite user. The user information in the CentraSite user registry is stored in objects of the type "User". You can associate a CentraSite user object with a user in a user repository (see the "Associated with" feature in the user administration of CentraSite Control). In this case you can map data fields from the user repository into the user object in the CentraSite registry. The data in the mapped data fields is visible when you display the user object in CentraSite.

Domain Names of User Repositories

Each user repository is uniquely identified by a domain name. A user in a user repository is uniquely identified by the combination of domain name and user name.

When you log in to CentraSite Control, you must supply the name of a domain in which you are registered and your user name, in the format "<DomainName>\<UserName>", for example, "Headquarters\JSmith".

The domain name for an authentication configuration of type Internal is always "INTERNAL". Since this name is fixed, there can be only one such configuration defined per instance of the CentraSite registry.

The Default User Repository

While CentraSite is running, there is always exactly one default user repository. When you install CentraSite, the default user repository is set to the internal text file. You can change the default to any other user repository for which an authentication configuration exists.

Users who are registered in the default user repository can omit the domain name when they log in. For example, if the domain "Headquarters" is the default domain and it contains a user whose user name is "JSmith", then this user can log in as "JSmith" instead of "Headquarters\JSmith". Users who are not registered in the default user repository must always use the format "<DomainName>\<UserName>" to log in.
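
The login-name rules from the two sections above, as an added example (not CentraSite code): a Python sketch that resolves a login string to a domain-qualified identity, so that audit entries for "JSmith" and "Headquarters\JSmith" correlate to one account. The function names, the sample domains and logins, and the exact-match comparison of names are assumptions.

```python
from collections import defaultdict

INTERNAL_DOMAIN = "INTERNAL"  # fixed domain name of the internal repository


def resolve_login(login, default_domain, known_domains):
    """Return (domain, user) for a login string in <DomainName>\\<UserName> form.

    A login without a domain part is resolved against the default user
    repository. Assumption: names are compared exactly as typed.
    """
    if "\\" in login:
        domain, user = login.split("\\", 1)
    else:
        domain, user = default_domain, login
    if not domain or not user or "\\" in user:
        raise ValueError(f"malformed login name: {login!r}")
    if domain not in known_domains:
        raise ValueError(f"no authentication configuration for domain {domain!r}")
    return domain, user


def correlate(logins, default_domain, known_domains):
    """Group raw login strings by resolved identity; collect rejects separately."""
    by_identity, rejected = defaultdict(list), []
    for raw in logins:
        try:
            by_identity[resolve_login(raw, default_domain, known_domains)].append(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
    return dict(by_identity), rejected


# Constructed sample data: domains and login strings are illustrative only.
DOMAINS = {INTERNAL_DOMAIN, "Headquarters", "Branch"}
SAMPLE_LOGINS = [
    "JSmith",                 # default domain omitted
    "Headquarters\\JSmith",   # same account, fully qualified
    "Branch\\JSmith",         # different account: same user name, other domain
    "INTERNAL\\Administrator",
    "Unknown\\JSmith",        # domain without an authentication configuration
    "Headquarters\\",         # empty user name
]

if __name__ == "__main__":
    identities, rejected = correlate(SAMPLE_LOGINS, "Headquarters", DOMAINS)
    for (domain, user), raws in sorted(identities.items()):
        print(f"{domain}\\{user}: {raws}")
    for raw, reason in rejected:
        print(f"rejected {raw!r}: {reason}")
```

Because the default user repository can be changed, the same unqualified name can refer to a different account afterwards; recording the qualified form keeps audit records unambiguous.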
