Jabylon comes with 2 pre-installed security modules. However, it is designed in an extensible fashion so you can provide additional JAAS login module plug-ins as required.
Which security modules are used in which order depends on the contents of deploy/jaas.xml (or configuration/jaas.config for the WAR deployment). You can add, delete, modify and reorder the modules there as you see fit.
The default login module is the internal database login. All users, their passwords, roles and additional data is stored in the database. You do not have to configure anything to use this module.
The second pre-installed module enables LDAP authentication. On first login Jabylon creates a new user in the internal database that is linked to the LDAP account. The password will only be in LDAP (and the user cannot change it) but the roles and additional information (email, full name,…) are synced from LDAP into the internal database.
It is also possible to map LDAP to Jabylon roles. To use this feature, create a new Role and set it’s type to LDAP. The name of the role must be identical to the name of a group in your LDAP. That way all users that belong to the LDAP group automatically receive this role.
To enable LDAP authentication you need to enter a few parameters into deploy/jaas.xml