Skip to content

Latest commit

 

History

History
30 lines (22 loc) · 1.88 KB

Tokens.md

File metadata and controls

30 lines (22 loc) · 1.88 KB

User Auth Tokens

User Auth Tokens - are applied when security policies do not allow the users password to be used, such as for storing in plain text (in settings Docker, Maven and etc.) or combined with SAML/SSO. Each user can set a personal token that can be used instead of a password. The creation of tokens is implemented through the "NuGet API Key" menu (privilegies nx-apikey-all required), however, the tokens themselves apply to all types of repositories. Example of usage user token:

  • Enable "SSO Token Realm" (above "Docker Bearer Token Realm") in the server administration panel.
  • Go to menu "Nexus -> Manage your user account -> NuGet API Key", press "Access API key".
  • Type your username if using SSO login, otherwise type password, then press "Authenticate".
  • Copy "Your NuGet API Key", press "Close" and "Sign out".
  • To validate a token: press "Sign in", type your username and token instead of password.
  • Also, a pair of username+token can be used for authorization in Maven, Docker, Pip, etc., example for HTTP basic authorization - Authorization: Basic <login:token in base64>.

Debug

To enable debugging, add the following lines to the shiro.ini:

# Disable authentication caching
tokenRealm.authenticationCachingEnabled = false

And following lines to the logback.xml file (output will be to ${NEXUS_DATA}/log/nexus.log):

<logger name="org.sonatype.nexus.siesta.internal.UnexpectedExceptionMapper" level="TRACE" />
<logger name="com.github.alanger.nexus.plugin.realm.NexusPac4jRealm" level="TRACE" />
<logger name="com.github.alanger.nexus.plugin.realm.NexusTokenRealm" level="TRACE" />
<logger name="com.github.alanger.nexus.plugin.rest.NugetApiKeyResource" level="TRACE" />