AuthService :: Web Service for LDAP User Authentication

Simple LDAP user authentication over the web

NimbusDS AuthService is a simple and lightweight JSON service for authenticating and provisioning users over the web. It is designed to be used from web applications or as part of a Single Sign-On (SSO) arrangement.

NimbusDS AuthService authenticates and provisions users over the web

AuthService checks the user credentials by referring to a designated LDAP v3 compatible directory such as MS Active Directory, Novell eDirectory, OpenLDAP or OpenDJ. It can also provide clients with selected attributes from the user's directory entry, for example their full name, contact details and permissions / authorisations.

AuthService is a NoXML service. Web clients can access it through its simple JSON API.

Here is an example JSON user.get request to check the credentials of user alice@wonderland.net and retrieve selected details from her directory account:

{ 
  "method"  : "user.auth",
  "params"  : { "username" : "alice@wonderland.net",
                "password" : "secret" },
  "id"      : "0001",
  "jsonrpc" : "2.0" 
}

The resulting JSON response:

{ 
  "result"  : { "DN"         : "uid=alice,ou=people,dc=wonderland,dc=net",
                "attributes" : { "userID" : "alice",
		                 "name"   : "Alice Adams",
				 "email"  : [ "alice@wonderland.net" ],
				 "roles"  : [ "admin-network", "admin-www", "admin-cms" ],
                                 "phone"  : [ "+1 685 622 6202", 
				              "+1 010 154 3228", 
					      "+1 225 216 5900" ] },
  "id"      : "0001",
  "jsonrpc" : "2.0"
}

AuthService access and security

NimbusDS AuthService has a number of configuration options for managing security and web client access.

For protecting the web client interface:

Define a whitelist of approved client IP addresses and / or host names.
Require clients to connect over secure HTTPS.
Require clients to present a valid X.509 certificate issued by a trusted certificate authority (CA).
Require the client X.509 certificate principal to match a specified distinct name (DN).
Hide internal web service exceptions.

For protecting the LDAP directory connection:

Connect to the LDAP server using StartTLS or SSL.
Specify a custom key and trust store (JKS) for the secure LDAP connections.
Optionally allow self-signed certificates.

Setup and configuration

NimbusDS AuthService is delivered as a standard web application archive (WAR) ready for immediate deployment in a Java web server, such as Apache Tomcat, and is configured by a simple text file. Check out our quick start guide.

Documentation

Quick start Get AuthService up and running in 10 minutes.
Specification System requirements and overall specification.
Configuration The configuration properties.
Web API The AuthService web API.
Error codes The AuthService error codes and messages.

Download

Ready to try out AuthService? You are welcome to download an evalution copy. No registration is required for that.

Download now AuthService

The software comes in a standard Java WAR package ready for immediate deployment. Check out the installation instructions for details.

AuthService is offered under an affordable licence which includes 24 months of maintenance, updates and our support. Discounts are available if you wish to run multiple instances or would like to integrate AuthService into your own product or service offerings. We also offer various dedicated services such as integration assistance, training and custom add-on development. Get in touch with sales to request a quote.