User authentication

All logins to FileNet® P8 are done through the Java Authentication and Authorization Service (JAAS).

Authentication is a process that occurs between a Java EE client application (for example, IBM® Content Navigator), a Java EE application server hosting an instance of Content Platform Engine, and one or more JAAS login modules. This process does not involve any FileNet P8 code. The Content Platform Engine ability to leverage JAAS for authentication means that if a single sign-on (SSO) provider writes a JAAS login module for a supported application server, then clients of FileNet P8 applications hosted in that application server can leverage that SSO solution. See the Authentication section for full information on FileNet P8 authentication architecture.

As a result, and unlike earlier releases of FileNet P8, the Content Platform Engine installation process configures authentication and authorization separately even though these two configurations will often use the same information. Authorization takes place by means of a direct connection between Content Platform Engine and one of the supported directory services.