CLARUS Access manages user access to CLARUS through two modules: User Registration and User Authentication.

User Registration

The CLARUS proxy normally uses the user authentication system that already exists in the company (for example LDAP). Users can then log in using their existing credentials. In this case, there is no user registration process inside CLARUS or related to CLARUS; the users should already exist in the company's system. However, for testing purposes and for very small installations, a simple user registration module will be created. It uses local file-based storage (text files, SQLite…) for the user data and is exclusively available for CLARUS users. The user registration process can be performed through a web page, and the security manager can use the same web interface to manage the security roles and policies of the registered users.

User Authentication

The authentication module for CLARUS is implemented as a Java library that can be distributed as a jar file. It provides a common interface for all authentication requests and a specific implementation for each authentication provider. In the current state of the implementation, LDAP (Lightweight Directory Access Protocol) is the only provider implemented. LDAP is, however, one of the most common methods for authenticating users in a company network, and it is easy to connect to this authentication and identification service.

For Java (and many other programming languages), several libraries exist that help implement authentication against LDAP. In CLARUS, the UnboundID LDAP SDK library was chosen, since it is easy to use, supports all required functions and is available as an open source edition. Using this library and the basic functions of the Java SDK, authentication against LDAP can be implemented. The UnboundID library is included as a jar file, preserving the flexibility and portability of the Java platform.
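
The following is an added example, not CLARUS code: a sketch of a common authentication interface with an LDAP provider built on the UnboundID LDAP SDK, using the search-then-bind pattern. The names AuthenticationProvider and LdapProvider, the uid attribute, and the dc=example,dc=com directory with its user are assumptions made for illustration; the UnboundID jar must be on the classpath.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.*;

public class LdapAuthExample {
    // Hypothetical common interface; the real CLARUS interface is not shown on the page.
    interface AuthenticationProvider {
        boolean authenticate(String user, String password) throws Exception;
    }

    // LDAP provider: look up the user's DN, then bind as that DN with the password.
    static class LdapProvider implements AuthenticationProvider {
        private final String host, baseDn; private final int port;
        LdapProvider(String host, int port, String baseDn) {
            this.host = host; this.port = port; this.baseDn = baseDn;
        }
        public boolean authenticate(String user, String password) throws LDAPException {
            // A simple bind with a DN and an empty password is an "unauthenticated
            // bind" (RFC 4513) that a server may accept, so reject it up front.
            if (user == null || user.isEmpty() || password == null || password.isEmpty()) return false;
            // Plain LDAP only because the sample server is local; in production pass
            // an SSLSocketFactory (LDAPS) so the password is not sent in clear text.
            try (LDAPConnection conn = new LDAPConnection(host, port)) {
                // Typed filter: the value is encoded by the SDK, so "*" or ")(" in
                // the user name cannot change the filter (no LDAP injection).
                Filter byUid = Filter.createEqualityFilter("uid", user);
                SearchResultEntry e = conn.searchForEntry(baseDn, SearchScope.SUB, byUid,
                        SearchRequest.NO_ATTRIBUTES);
                if (e == null) return false;          // unknown user
                conn.bind(e.getDN(), password);       // throws on failure
                return true;
            } catch (LDAPException ex) {
                if (ex.getResultCode() == ResultCode.INVALID_CREDENTIALS) return false;
                throw ex;                             // outage or misconfiguration: do not mask
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample directory, in memory, so the example runs offline.
        InMemoryDirectoryServer ds = new InMemoryDirectoryServer(new InMemoryDirectoryServerConfig("dc=example,dc=com"));
        ds.add("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example");
        ds.add("dn: uid=alice,dc=example,dc=com", "objectClass: inetOrgPerson", "uid: alice", "cn: Alice", "sn: Example", "userPassword: correct-horse");
        ds.startListening();
        AuthenticationProvider p = new LdapProvider("localhost", ds.getListenPort(), "dc=example,dc=com");
        System.out.println(p.authenticate("alice", "correct-horse") + " " + p.authenticate("alice", "wrong") + " " + p.authenticate("*", "x") + " " + p.authenticate("alice", ""));
        ds.shutDown(true);
    }
}
```

Only a wrong password or an unknown user is reported as a failed login; connection and server errors are rethrown so that a directory outage is not logged as a bad credential.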