Installation and Administration

Authentication, Users and Groups

Updated: July 17, 2023

You may want to use other authentication protocols and / or identity providers than LDAP/Active Directory. Most of the time, an "authentication plugin" has to be configured. The Nuxeo Platform provides some by default, but you sometimes have to install a specific addon.

In any case, you have to configure the "authentication chain", see the Authentication Chain Principles

Contribute an XML extension from the following content. Adapt the authenticationChain element content with the list of plugins you want to use.

  <extension
    target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
    point="chain">
    <authenticationChain>
      <plugins>
        <plugin>BASIC_AUTH</plugin>
        <plugin>ANONYMOUS_AUTH</plugin>
        <plugin>THE_PLUGIN_I_WANT_TO_USE</plugin>
      </plugins>
    </authenticationChain>
  </extension>

The Nuxeo Platform will use the plugins in the order they are chained up until one is successful. The first goal for each plugin is to retrieve an identity with the handleRetrieveIdentity method. If no identity is found, the plugin calls the handleLoginPrompt method.


 

Related Documentation