Default out-of-the-box authentication for IBM Cúram Social Program Management involves the user logging in via the login screen, where the user is prompted for a username and password as credentials. These credentials are then passed to the Cúram JAAS login module configured in the application server.
The default authentication is invoked and the username and password entered are checked against the username and password stored on the Cúram Users database table. The Cúram username is immutable, but you have the option of configuring your system to use a Cúram login ID instead, which is changeable. The login ID is a logical extension of the Cúram user and the same verifications checked for the username are also checked for the login ID. See Alternate Login IDs for more information about alternate login IDs.
Authentication performs a number of verifications against the login credentials, Default Authentication should be consulted for details on the verifications.
Provided all verifications are successful, the user is considered to be authenticated by the application.
Once the user is authenticated, the user is then added to the Cúram Security Cache. The Cúram Security Cache stores the username and all related authorization data for that user in order to optimize the authorization data retrieval for a user. Security Data Caching should be consulted for further details on the Cúram Security Cache. Figure 2.3 below highlights the path taken for default authentication.
