About HCD Unified Authentication
HCD Unified Authentication facilitates connectivity to three primary backend authentication and authorization services: HCD Authenticator, HCD Role Manager, and HCD Authorizer.
HCD Authenticator
AdvancedAuthenticator supports validating user identity against any of the following authentication schemes:
When authenticating a connection request, HCD Authenticator attempts authentication in the order defined in the configuration, starting with the default_scheme and then additional_schemes.
If the connection specifies the authentication mechanism, HCD Authenticator might bypass the default_scheme if there is a known mismatch between the requested mechanism and the default_scheme.
Otherwise, it tries all defined schemes in order.
|
It is possible to authenticate users without implementing access control using the HCD Authenticator; however, authentication is required for authorization and role management. |
HCD Role Manager
HCD Role Manager assigns roles using one of the following modes:
-
Internal: One-to-one mapping using an internally stored password. Requires a role for each account. An HCD tool sets a salted hash password.
-
LDAP: One-to-many mapping. Assigns HCD roles that match the user’s LDAP groups. Passwords are stored in the LDAP server.
For LDAP role management, HCD disables role nesting. You cannot use GRANT to assign a role to another role.
Next steps
- Steps for new deployment
-
Enable HCD Unified Authentication on a new deployment.
- Steps for production environments
-
Enable HCD Unified Authentication without downtime when implementing in a production or otherwise existing HCD environment.