HCL Commerce authentication model

The HCL Commerce authentication model is based on the following concepts: challenge mechanisms, authentication mechanisms and user registries.

[Figure: HCL Commerce security model]

Challenge mechanisms

A challenge mechanism specifies how the server challenges the user and retrieves the authentication data (typically a logon ID and password). HCL Commerce supports the following challenge mechanism:

Form-based or custom authentication
This challenge mechanism permits a site-specific or store-specific login through an HTML page or a JSP form.

Authentication mechanisms

An authentication mechanism verifies the user's authentication data against an associated user registry. After successful authentication, HCL Commerce issues an authentication token that identifies the user on every subsequent request. The token is invalidated when the user logs off or closes the browser.

Database authentication
This is the process of verifying that the logon ID and password supplied by the user are valid when compared to the authentication information stored in the HCL Commerce database.
LDAP bind
This is the process of verifying that the logon ID and password supplied by the user are valid by performing an LDAP bind operation as that user against the LDAP server.
Third-party authentication
This is the process of verifying the logon ID and password supplied by the user against a third-party user registry. To use third-party authentication, you need to provide an implementation of the ExternalSystemAuthenticationCmd interface.
To configure the authentication mechanism used by your HCL Commerce instance, set the following attribute in the instance configuration file:
MemberSubSystem/AuthenticationMode
where the applicable values are:
  • DB for database authentication.
  • LDAP for LDAP bind.
  • OTHER for third-party authentication (requires your ExternalSystemAuthenticationCmd implementation).
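The three mechanisms and the AuthenticationMode switch, as an added example in Python that is not HCL Commerce's own code and does not reproduce its tables or the ExternalSystemAuthenticationCmd interface. The userreg table layout, the helper names (make_registry, db_authenticate, ldap_authenticate, fake_bind_factory, authenticate), the base DN, the PBKDF2 work factor and the injected bind and external callables are all assumptions made for the illustration.

```python
"""Added example (not HCL Commerce code): verifying a logon ID and password
against a user registry for AuthenticationMode = DB, LDAP or OTHER.
The registry layout, helper names and callables below are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import os
import sqlite3
from typing import Callable, Optional

ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 work factor (illustrative value)
BASE_DN = "ou=people,dc=example,dc=com"  # assumed directory layout


# --- DB mode: salted password hash stored in the database -------------------
def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def make_registry() -> sqlite3.Connection:
    """Constructed in-memory user registry with two sample users (test data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userreg (logonid TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    for logon_id, pw in (("alice", "correct horse battery"), ("bob", "hunter2")):
        salt, digest = hash_password(pw)
        conn.execute("INSERT INTO userreg VALUES (?, ?, ?)", (logon_id, salt, digest))
    return conn


# Dummy credential so an unknown logon ID costs the same PBKDF2 work as a real
# one; otherwise response time reveals which logon IDs exist.
_DUMMY_SALT, _DUMMY_HASH = hash_password("placeholder")


def db_authenticate(conn: sqlite3.Connection, logon_id: str, password: str) -> bool:
    """Parameterised lookup, then a constant-time comparison of the recomputed hash."""
    row = conn.execute(
        "SELECT salt, pwhash FROM userreg WHERE logonid = ?", (logon_id,)
    ).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    _, candidate = hash_password(password, salt)
    # compare_digest does not stop at the first differing byte
    return hmac.compare_digest(candidate, stored) and row is not None


# --- LDAP mode: verify by binding to the directory as the user ---------------
def ldap_dn_escape(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    for ch in value:
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    s = "".join(out)
    if s.startswith((" ", "#")):
        s = "\\" + s
    if s.endswith(" "):
        s = s[:-1] + "\\ "
    return s


def ldap_authenticate(bind: Callable[[str, str], bool], logon_id: str, password: str) -> bool:
    """bind(dn, password) stands for the directory's simple bind (injected so the
    example runs offline). Two checks matter as much as the bind itself: an empty
    password turns a simple bind into an anonymous bind, which directories may
    accept (RFC 4513 section 5.1.2), and an unescaped logon ID lets the caller
    rewrite the DN that is bound."""
    if not password:
        return False
    user_dn = f"uid={ldap_dn_escape(logon_id)},{BASE_DN}"
    return bind(user_dn, password)


def fake_bind_factory(directory: dict[str, str]) -> Callable[[str, str], bool]:
    """Constructed stand-in for a directory bind that reproduces the anonymous-bind
    behaviour: an empty password 'succeeds' without authenticating anyone."""
    def bind(dn: str, password: str) -> bool:
        if password == "":
            return True
        return directory.get(dn) == password
    return bind


# --- Dispatch on the configured AuthenticationMode ---------------------------
def authenticate(mode: str, logon_id: str, password: str, *, conn=None, bind=None,
                 external: Optional[Callable[[str, str], bool]] = None) -> bool:
    if mode == "DB":
        return db_authenticate(conn, logon_id, password)
    if mode == "LDAP":
        return ldap_authenticate(bind, logon_id, password)
    if mode == "OTHER":
        # hypothetical third-party hook, playing the role of a custom
        # ExternalSystemAuthenticationCmd implementation
        return bool(external(logon_id, password))
    raise ValueError(f"unknown AuthenticationMode {mode!r}")
```

The constructed fake directory accepts an empty password on purpose: that is what a real simple bind does when the password is absent, so the empty-password rejection in ldap_authenticate is the check that keeps "LDAP bind" from authenticating anybody who submits a blank password. The DB path hashes even for unknown logon IDs so that a wrong user and a wrong password take the same time.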

User registry

The user registry is a repository that contains user information, and the user's authentication information (for example, the password). Authentication information provided by a principal (that is, the representation of a human user or system entity in a user registry) can be verified or validated against the user registry.

HCL Commerce supports user registries based on two user domains: an LDAP user registry and the HCL Commerce database.

An LDAP server is typically used when multiple software applications need to share a common set of users and organizations, for example when implementing an HCL Commerce Single Sign-On solution.