Securing access to collected data

There are several levels of security available when it comes to protection of the collected data. Most probably you don’t want to expose the whole search index, instead you want to grant access to authorized people only.

Therefore, the product allows to configure three different modes of authentication:

NONE

Access to collected data is completely unrestricted.

INTEGRATED

Access to collected data is granted for authorized users only.

Authentication happens via http/BASIC auth. There is one single user available. Its credentials are configurable via application.properties:

security.mode=INTEGRATED
security.user.admin.name=
security.user.admin.pw=

ONLY_AUTHN

Access to collected data is granted for authorized users only.

Authentication happens via con terra’s security.manager and its SSO Domain Cookie support. This allows for a seamless SSO Experience. Necessary configuration properties are available via application.properties, please refer to your security.manager or map.apps configuration:

security.mode=ONLY_AUTHN
security.sso.cookie.name=ct_SSO
security.sso.cookie.domain=
security.sso.cookie.bindToIP=false

# security.manager service locations
security.administration.url=http://<host>/administration
security.was.service.url=$\{security.administration.url\}/WAS
security.sso.service.url=$\{security.administration.url\}/resources/ssosessions
security.sso.token.service.url=$\{security.administration.url\}/token/ssosession


# Key Store Properties
security.keystore.location=<some path>
security.keystore.passwd=changeit
security.keystore.key.alias=ct-security
security.keystore.key.passwd=changeit

Access is granted, if authenticated user owns the role mon_Redakteur. The name of the role can be defined in application.properties via servicemonitor.admin.role.