Login Providers

Login Providers are used to define who has access to something in Relativity and how to go about authenticating that user. For instance will the user be authenticated against a static list of acceptable users, or maybe against a table of users in a database.

There are three tiers of users in Relativity, each of which has different levels of access to features in the server:

  • The Administrator who has full access to the server including network configurations and can create, edit, rename and delete domains & schemas. They login via the Admin Login which is handled by the Admin Login Provider.
  • The Developer, who only has access to create, edit, rename and delete Schemas. They login via the Developer Login which is handled by the Developer Login Provider.
  • Data Users who are typically those people using your client applications. They only have access to the data in a schema, how much access they have is defined by the business rules you define. Their login is handled by the Data Login Provider.

The Admin Login Provider, Developer Login Provider and Data Login Proivder settings define which of the login providers below is used to authenticate the user attempting to login. By default the Admin Login Provider is set to use the StaticLoginProvider, the Developer Login Provider is set to AdminServicesLogin and the Data Login Provider is set to StaticLoginProvider

The providers in detail

StaticLoginProvider is the simplest of the login providers, and the most useful for admin/developer login, or in the early development phase of your project. It works by simply letting you specify a list of valid usernames and passwords that will be accepted. This is the default login provider for all logins on a freshly installed Relativity Server or a freshly created domain.

DbTableLoginProvider validates the username and password against a table in your database. It allows you to select a table from your schema, as well as two fields from that table that contain usernames and passwords, respectively. The Login will be verified by selecting from the table, and access will be granted if a row with matching username and password is found.

DbCommandLoginProvider lets you validate the login against your database, but instead of simply querying a table, it will execute a command defined in your schema. You could implement the command to run a query, execute a stored procedure, or perform more some complex SQL. In order to qualify, the command must take two parameters (username and password) and return a Boolean.

LdapLoginProvider is the most complex one of the available login provider options. It can be used to connect Relativity to an existing LDAP server in your organization to validate logins. This can be very useful if you want your application to automatically share usernames and passwords with other non-Relativity, non-Data Abstract services in your company. Getting into the details of LDAP would go beyond the scope of this text, but if your organization is using LDAP, your LDAP administrator should be familiar with the required options.

AdminServicesLogin option, available for the per-domain login providers, simply indicates that rather than using separate logins, the same settings as for the server-wide Admin Login should be used here.

Note that the Admin Login Provider can only use the StaticLoginProvider and the LdapLoginProvider.