Custom Security
Authorization Options
- Setting DEMO=TRUE - Causes all users to be logged in as admin automatically.
- Setting DEMO=FALSE - Requires users to login and checks their password against that hashed in the built-in database.
- Setting DEMO=FALSE AND AUTH_URL - Authenticates users using a remote Rest Authentication or kdb+ endpoint.
- Setting DEMO=FALSE AND AUTH_PROXY_ENABLED - together with other settings, allows using Apache or nginx as an authentication frontend.
- Note
- Available in Enterprise edition.
Rest Authentication
REST/kdb calls provide a quick way to allow the existing logins as validated by an existing kdb process. By setting environment variables before Pulse starts, it can be configued to use theses external sources.
Using REST/kdb Calls
Authentication
User names and passwords can be validated by AUTH_URL REST call. If environment variable AUTH_URL is set e.g.
http://admin:pass2@localhost:5000/?$[.z.pw[`$"((username))";"((password))"];`granted;`denied]
- When a user logs in, Pulse will connect to localhost:5000 using HTTP basic authentication details user=admin password=pass2
- It will then replace ((username))/((password)) with the users login details.
- If and only if the result contains "GRANTED" will access be granted.
- Successful login will result in automated creation of the user within Pulse.
Note: These settings can be configured as environment variables, system properties or .yml config files. See Admin Configuration for more info.
If you want to test the above settings.
First run a kdb instance on port 5000 with the following code: