AuthenticationAlgorithm constants

AuthenticationAlgorithm constants specify which authentication search strategy is selected when a HCL Compass user logs on.

| Constant | Value | Description |
|---|---|---|
| _LDAP_FIRST | 1 | Authenticate against an LDAP server as the preference, and failing that, attempt to authenticate using HCL Compass authentication. Allows for traditional HCL Compass authentication. |
| _CQ_FIRST | 2 | Authenticate using traditional HCL Compass user authentication as the preference, and failing that, attempt to authenticate using LDAP authentication. |
| _CQ_ONLY | 3 | Traditional HCL Compass user authentication. Does not allow LDAP authentication. This is the default mode. |

Setting the AuthenticationAlgorithm for the schema repository controls the search flow that HCL Compass follows to find the correct authentication method for a login:
  • LDAP_FIRST: HCL Compass attempts to authenticate the user against the configured LDAP server.
    • If the authentication succeeds, the HCL Compass user records are searched for the user record that corresponds to that LDAP account. The correspondence is through a mapping of a particular (configurable) HCL Compass user profile field to a (configurable) LDAP attribute field of the LDAP user account just authenticated against.
      Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the HCL Compass and LDAP mapping field. The corresponding HCL Compass API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the Administrator (USER_ADMIN user privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute.
    • If the authentication fails, there is a chance that the login is a traditional HCL Compass authenticated user. HCL Compass attempts the traditional HCL Compass authentication.
      • If successful, HCL Compass continues.
      • If unsuccessful, HCL Compass returns an error.
  • CQ_FIRST: HCL Compass attempts a traditional HCL Compass authentication and searches for a HCL Compass user record that matches the login name:
    • If the search succeeds, HCL Compass checks the HCL Compass user record to see if it is configured as a HCL Compass authenticated user:
      • If configured for HCL Compass authentication, performs traditional authentication.
      • If configured as LDAP, performs LDAP authentication. The HCL Compass to LDAP mapping correlation must map back to this same HCL Compass user account, or an error is generated.
    • If the search fails, performs an LDAP authentication, in case the user is an LDAP authenticated user:
      • If successful, allows the user to access HCL Compass as normal.
        If the authentication succeeds, the HCL Compass user records are searched for the user record that corresponds to that LDAP account. The correspondence is through a mapping of a particular (configurable) HCL Compass user profile field to a (configurable) LDAP attribute field of the LDAP user account just authenticated against.
        Note: One of the following user profile fields: Email, FullName, Phone, MiscInfo, LoginName is configured for LDAP users as the HCL Compass and LDAP mapping field. The corresponding HCL Compass API set function for that field (SetEmail, SetFullName, SetPhone, SetMiscInfo, or SetLoginName) can only be called successfully by the Administrator (USER_ADMIN user privilege), for LDAP users. The value in this mapping field must be the same as the value in the correlated LDAP attribute and be unique among HCL Compass and LDAP users. See CQLDAPMap field constants.
      • If unsuccessful, HCL Compass returns an error.
  • CQ_ONLY: Performs traditional HCL Compass authentication. Does not attempt to perform an LDAP authentication. This is the default.
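
The three search flows above, modelled in Python as an added example (not HCL Compass code and not its API). The function names, the Email-to-mail mapping, the sample accounts, and the handling of a non-unique mapping as a failure are assumptions made for illustration.

```python
from enum import IntEnum

class AuthAlg(IntEnum):  # values from the constants table on this page
    LDAP_FIRST = 1
    CQ_FIRST = 2
    CQ_ONLY = 3

MAP_FIELD, MAP_ATTR = "Email", "mail"  # assumed mapping: profile field -> LDAP attribute

# Constructed sample data: Compass user records and LDAP accounts.
USERS = {
    "alice": {"mode": "CQ", "password": "cq-pw", "Email": "alice@example.test"},
    "bob": {"mode": "LDAP", "password": None, "Email": "bob@example.test"},
    "cjones": {"mode": "LDAP", "password": None, "Email": "carol@example.test"},
}
LDAP = {
    "bob": {"password": "ldap-pw", "mail": "bob@example.test"},
    "carol": {"password": "ldap-pw", "mail": "carol@example.test"},
}

def cq_auth(login, pw):
    """Traditional authentication against the Compass user record."""
    rec = USERS.get(login)
    ok = rec is not None and rec["mode"] == "CQ" and rec["password"] == pw
    return login if ok else None

def ldap_auth(login, pw):
    """LDAP check, then map the account to exactly one Compass user record."""
    entry = LDAP.get(login)
    if entry is None or entry["password"] != pw:
        return None
    hits = [n for n, u in USERS.items() if u[MAP_FIELD] == entry[MAP_ATTR]]
    return hits[0] if len(hits) == 1 else None  # assumption: no unique match = error

def authenticate(alg, login, pw):
    """Return (Compass user or None, list of methods tried in order)."""
    if alg == AuthAlg.CQ_ONLY:
        return cq_auth(login, pw), ["CQ"]
    if alg == AuthAlg.LDAP_FIRST:
        user = ldap_auth(login, pw)
        return (user, ["LDAP"]) if user else (cq_auth(login, pw), ["LDAP", "CQ"])
    rec = USERS.get(login)  # CQ_FIRST: search user records by login name first
    if rec is None:
        return ldap_auth(login, pw), ["LDAP"]
    if rec["mode"] == "CQ":
        return cq_auth(login, pw), ["CQ"]
    user = ldap_auth(login, pw)  # LDAP user: mapping must lead back to this record
    return (user if user == login else None), ["LDAP"]
```

The second element of the result shows which authentication methods were attempted, which makes the fallback under LDAP_FIRST and the absence of any LDAP attempt under CQ_ONLY visible when reviewing a configuration.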