Gateway Identity System

The Content Gateway identity system is implemented by the front-end Gateway component and allows for one or more user data store configurations. The user data store is responsible for authenticating users via a password and for defining group membership for users. Content Gateway currently supports LDAP and Linux PAM as the user data store. Microsoft Active Directory can be used through its LDAP interface or via PAM with a Kerberos configuration on the Gateway server.

SAML

As of Swarm 12 and Content Gateway 7.1, you can also enable single sign-on to both Swarm UI and Content UI through your third-party Identity Provider. See https://perifery.atlassian.net/wiki/spaces/public/pages/2443816877. (v7.1)

The configuration of the identity system exists as IDSYS documents that are stored in the following locations:

  • Root IDSYS file

  • Tenant IDSYS sub-resource

  • Storage domain IDSYS sub-resource

An IDSYS document contains the information necessary to connect with the identity system and defines the organization of users and groups within the identity system. While an IDSYS document may only define one back-end identity system, different back-end systems can be used for different tenants and storage domains within the cluster. For example, use PAM in the root IDSYS and LDAP in the storage domains.

The root IDSYS is stored in this JSON file:

/etc/caringo/cloudgateway/idsys.json

This file must be kept synchronized between all Gateway servers. The idsys sub-resource for a tenant or storage domain is kept within the cluster, is shared among all Gateway servers, and is accessed through the Gateway Management API or the Storage API.

Note

The root IDSYS configuration file must exist and must contain a valid JSON string or be blank. The minimum valid JSON content is "{}".
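The two requirements above (the root IDSYS file exists and is valid JSON or blank, and it is identical on every Gateway server) can be checked with a short script. This is an added example, not Gateway tooling: the function names are hypothetical, treating a whitespace-only file as blank is an assumption, and the digest is taken over canonicalized JSON so formatting differences alone do not count as drift.

```python
import hashlib
import json

ROOT_IDSYS = "/etc/caringo/cloudgateway/idsys.json"  # path given on this page


def check_root_idsys(path=ROOT_IDSYS):
    """Return (ok, digest_or_reason) for one server's root IDSYS file."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except FileNotFoundError:
        return False, "missing: the root IDSYS file must exist"
    except OSError as exc:
        return False, f"unreadable: {exc.strerror}"
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return False, "invalid: not UTF-8 text"
    if not text.strip():
        # Blank is allowed. It is kept distinct from "{}" when comparing
        # servers (a conservative choice made for this example).
        canonical = ""
    else:
        try:
            doc = json.loads(text)
        except json.JSONDecodeError as exc:
            return False, f"invalid JSON at line {exc.lineno}, column {exc.colno}"
        # Sorted keys and fixed separators: same content gives the same digest.
        canonical = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return True, hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def out_of_sync(digests):
    """Given {server: digest}, return servers that differ from the majority."""
    counts = {}
    for digest in digests.values():
        counts[digest] = counts.get(digest, 0) + 1
    majority = max(counts, key=counts.get)
    return sorted(s for s, d in digests.items() if d != majority)


if __name__ == "__main__":
    ok, result = check_root_idsys()
    print(("OK " if ok else "FAIL ") + result)
```

Run it on each Gateway server, collect the printed digests, and pass them to `out_of_sync` to see which servers hold a different root IDSYS.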

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.