JSS Authentication Extensions

Use this type of extension to implement any user-name/password authentication scheme, or to support public key authentication in SFTP. JSS Authentication Extensions are known as authenticators. The server calls functions in your extension to find out whether or not a particular user-name/password combination or user/public key combination is valid. Your class can do whatever it needs to do to work out whether or not it is valid, such as calling a webservice or invoking an RPC.

Creating a JSS Authentication Extension

General instructions on building CompleteFTP JSS extensions may be found here.

There are two ways to implement a JSS Authentication Extension. The simple JSS Authentication Extension is the most straightforward, and should be attempted first. If more flexibility is required, consider writing an advanced JSS Authentication Extension.

For step by step instructions on how to create your own authentication method, please refer to Step-by-step guide: Add my own authentication method.

Note that once an authenticator has been written and Apply Changes, it will be automatically registered in CompleteFTP. It can be enabled/disabled by selecting/deselecting the Enabled check box in the General User Settings dialog box, accessible from the Users tab in the manager, as shown below.

Precedence

CompleteFTP includes a number of predefined authenticators, such as the external database authenticator, the gateway authenticator (Enterprise MFT only), the automatic Windows users (AWU) authenticator, and the SAML single sign-on authenticator.

Since a user-name can potentially be authenticated by more than one authenticator it's necessary to define the order in which the various authenticators are accessed. This order of precedence is as follows:

  1. users explicitly defined within CompleteFTP (both non-Windows and Windows).
  2. external database users, gateway users, SAML single sign-on users, and custom authentication extensions.
  3. automatic Windows users (AWU).

For example, if a user with a given user-name is explicitly defined in CompleteFTP, but authentication using that user-name is also available via an extension, then the extension will never be used to authenticate the user since it has lower precedence. This can sometimes cause confusing when testing.

When a JSS Authentication Extension is used, the defaultExtension user (which may be found in Users panel and by selecting "Show system users/folders/sites" in the main form's Options menu) is used as a template for user details once login has been successful.

Enable JSS Authenticator