Hybrid auth provider


Create a hybrid AuthProvider that can be used to string multiple other AuthProvider implementations together. It will allow a primary, secondary and tertiary provider to be configured. When authentication needs to be done:

1) Attempt authentication using the primary. If that fails:
2) Attempt authentication using the secondary. If that fails:
3) Attempt authentication using the tertiary.

For each of the providers (primary, secondary, etc), an override list of users can be specified. If a user is in the override list, authentication will only be attempted with that provider.




December 21, 2008, 5:22 AM

Can anyone help explain how to implement this?

I don't see where to put the HybridUser...java file.

Also, what DB settings do I need?

For instance, I currently use LDAP, which works. When I set the DB settings above, I can no longer login to the admin console or connect as a client.

What my ultimate goal is, is to read users from LDAP, and then also be able to read users from teh Openfire DB so I can add non-LDAP users.



Monkey Monster
September 30, 2008, 11:36 PM


In your mySQL database in the ofproperty table update the name-value pairs to the following:

provider.user.className = org.jivesoft.openfire.user.HybridUserProvider
provider.auth.className = org.jivesoft.openfire.user.HybridAuthProvider

Add the following name-value pairs in the table:

hybridAuthProvider.primaryProvider.className = org.jivesoft.openfire.ldap.LdapAuthProvider
hybridAuthProvider.secondaryProvider.className = org.jivesoft.openfire.auth.DefaultAuthProvider

In the openfile.xml add the following xml snippet:



I am not sure if the HybridUserProvider class was updated in the 3.6.0a version to look for the properties in the database yet. If it has been then add the following rows in the ofproperty table:

hybridUserProvider.primaryProvider.className = org.jivesoft.openfire.ldap.LdapUserProvider
hybridUserProvider.secondaryProvider.className = org.jivesoft.openfire.auth.DefaultUserProvider

Hope this helps!

Daryl Herzmann
September 30, 2008, 10:55 PM


You folks may wish to contact the provider's author for implementation details.



Maxime Cheramy
September 30, 2008, 5:32 PM

Same question than Sindre. I'd like to use this feature... But I don't know how.

Sindre Schulstad
September 11, 2008, 4:27 PM

Could anyone provide a howto on using this? I am trying to create some local users in addition to the ldap users... Is that possible by using this feature?



Daniel Henninger