
Introduction

By default, XNAT uses user accounts that are stored in the local PostgreSQL database (passwords are encrypted).

XNAT can be configured to use a custom authentication method. To implement a new authentication scheme, an administrator needs to create a Java class which extends the org.nrg.xdat.security.Authenticator class. That class is then referenced, using a variable named AUTHENTICATION_CLASS, in a properties file named authentication.properties in the Tomcat webapp directory.

more $TOMCAT/webapps/xnat/WEB-INF/conf/authentication.properties
AUTHENTICATION_CLASS=org.path.to.new.Authenticator

LDAP Support

XNAT includes a preconfigured custom Authenticator class which can be used to authenticate user credentials against an external LDAP server. A sample authentication.properties file for use with this feature is available here.

When a user attempts to log in to a site which uses this authenticator, the authenticator first checks whether the username corresponds to an account which has previously accessed this XNAT instance. If the username is not recognized, the server queries the LDAP server (using the LDAP_USER, LDAP_PASS, and SEARCHBASE) to retrieve the distinguishedName for the authenticating user. If the distinguishedName is retrieved successfully, that name and the user-supplied password are used to verify that the user can authenticate against the LDAP server. If this succeeds, the user account is created in the local database (the user's password will NOT be stored in the local database), and the user is logged in. All subsequent login attempts by that user skip the first step and use the distinguishedName which is stored in the local database.
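The LDAP half of the flow described above (service-account search for the distinguishedName, then a bind as that name with the user's password) can be sketched with plain JNDI. This is an added example, not XNAT's bundled Authenticator or any code from the XNAT project; the class name, the server URL and the "uid" search attribute are assumptions, and the local-account caching step is left out.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Illustrative only: not XNAT's Authenticator. LDAP_USER, LDAP_PASS and SEARCHBASE
// mirror the page's property names; the URL and the "uid" attribute are assumptions.
public class LdapSearchThenBind {
    private final String url, ldapUser, ldapPass, searchBase;

    public LdapSearchThenBind(String url, String ldapUser, String ldapPass, String searchBase) {
        this.url = url; this.ldapUser = ldapUser; this.ldapPass = ldapPass; this.searchBase = searchBase;
    }

    private DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);            // e.g. ldaps://ldap.example.org:636
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);             // AuthenticationException on bad credentials
    }

    /** Step 1: the service account looks up the user's DN; null unless exactly one entry matches. */
    public String findDn(String username) throws NamingException {
        DirContext ctx = bind(ldapUser, ldapPass);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Passed as a filter argument, the name is treated literally ('*' is not a wildcard).
            NamingEnumeration<SearchResult> hits =
                ctx.search(searchBase, "(uid={0})", new Object[] { username }, sc);
            if (!hits.hasMore()) return null;
            String dn = hits.next().getNameInNamespace();
            return hits.hasMore() ? null : dn;         // ambiguous match: refuse
        } finally {
            ctx.close();
        }
    }

    /** Step 2: bind as that DN with the user-supplied password. */
    public boolean authenticate(String username, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513, 5.1.2)
        // that servers may accept, so it must never count as a successful login.
        if (password == null || password.isEmpty()) return false;
        String dn = findDn(username);
        if (dn == null) return false;
        try {
            bind(dn, password).close();
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }
}
```

Running it requires a reachable LDAP server and a service account allowed to search under the search base.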

Shibboleth

Coming Soon...

OAuth

Coming Soon...