Schema Repository AuthenticationAlgorithm

The AuthenticationAlgorithm controls the authentication search logic. It can restrict the authentication algorithm to use only the traditional HCL Compass Authentication scheme, or it can allow both HCL Compass and LDAP authentication for the database set. The administrator configures an AuthenticationAlgorithm to be used when authenticating users by specifying the algorithm for the schema repository as a whole.

The following AdminSession object functions allow you to manage and change the authentication control flow.
  • SetAuthenticationAlgorithm(AuthenticationAlgorithm);
  • GetAuthenticationAlgorithm( );
Note: The GetAuthenticationAlgorithm method returns a cached value of the AuthenticationAlgorithm which is initialized when the AdminSession object is created. The returned value will not reflect a newly updated value changed (by calling the SetAuthenticationAlgorithm method or using the installutil setauthenticationalgorithm command) until the AdminSession object is closed and a new AdminSession object is created and used instead.
The valid values for the authentication algorithm are:
  • LDAP_FIRST: authenticates against an LDAP server as the preference, and also allows traditional HCL Compass authentication.
  • CQ_FIRST: The HCL Compass schema repository is searched first for a HCL Compass user profile record with the same user name as the given login name, and the user is authenticated based on the AuthenticationMode for that user record. If there is no HCL Compass user profile record with the given login name, then LDAP authentication is attempted.
  • CQ_ONLY: traditional HCL Compass user authentication. Does not allow LDAP authentication. This is the default mode.

See AuthenticationAlgorithm for more information on these algorithm types. For more information on the methods, see GetAuthenticationAlgorithm and SetAuthenticationAlgorithm.

Note: Traditional HCL Compass authentication is always an option for user accounts.

Changing the AuthenticationAlgorithm for the schema repository as a whole does not change the authentication mode for any existing HCL Compass user accounts. To change the mode of authentication for a particular user, the administrator must change the AuthenticationMode for that particular user. See User AuthenticationMode