How to disable authentication dialogs for sensitive operations performed by RUT authenticated users

Visit my.sonatype.com for documentation on Nexus Repository version 2.

This article applies to Nexus Repository 2 only. Nexus Repository 3 has a different solution.

Problem

By default, Nexus Repository 2 re-prompts a RUT-authenticated user for their credentials before allowing certain sensitive operations to proceed. Sensitive operations include:

  • viewing a user token from their profile
  • downloading a generated support zip

Re-prompting is an additional security measure to protect against malicious access to an already established authentication session.

When Nexus Repository 2 is configured to use RUT authentication, a systems administrator has implicitly already put advanced security measures in place at the network level. Authentication takes place outside of Nexus Repository 2, so re-prompting for credentials inside the user interface may not be a valid use case. End users may not have been given credentials in the first place, so they have no way to provide them if asked.

In this scenario, a Nexus Repository administrator wants a way to disable re-prompting for credentials.

Solution

Prerequisites

Before a Nexus Repository 2 administrator implementing RUT auth can disable authentication re-prompts, the RUT user accessing Nexus Repository 2 must:

  • be authenticated using the RUT auth realm
  • be authorized using an account in the LDAP server(s) registered inside Nexus Repository (XML/Default realm user accounts are not applicable)

Disabling the authentication re-prompt when viewing the user token in the User Profile (as of version 2.14.0):

  1. Edit <install-dir>/conf/nexus.properties. Add a property on a new line:
    nexus.userToken.noPopUps=true
    
  2. Restart Nexus Repository for the property to take effect.
  3. Ask end users to clear their browser cache and restart their web browser.

Disabling the authentication re-prompt when downloading a generated support zip (as of version 2.14.4):

  1. Edit <install-dir>/conf/nexus.properties. Add a property on a new line:
    nexus.download.noPopUps=true
    
  2. Restart Nexus Repository for the property to take effect.
  3. Ask end users to clear their browser cache and restart their web browser.
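
A check an administrator or auditor can run after either procedure above, added here as an example and not Sonatype's code: it reports which of the two re-prompts a given nexus.properties has switched off. The function names, the sample file, and the assumption that only the value true disables a prompt belong to this example.

```shell
#!/bin/sh
# Added example (not Sonatype code): audit a nexus.properties file for the two
# re-prompt overrides named in this article. Function names are hypothetical.

# Print the effective value of key $1 in Java .properties file $2.
# Skips '#'/'!' comments, accepts '=' or ':' separators, last definition wins.
# Line continuations are not handled; surrounding whitespace is trimmed.
prop_value() {
    awk -v key="$1" '
        {
            line = $0
            sub(/\r$/, "", line); sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^[#!]/) next
            if (substr(line, 1, length(key)) != key) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next   # a longer key that shares the prefix
            sub(/^[ \t]*[=:][ \t]*/, "", rest); sub(/[ \t]+$/, "", rest)
            val = rest; found = 1
        }
        END { if (found) print val }
    ' "$2"
}

# Print "<property> <state>" per override. Assumption: only the value "true"
# (any letter case) switches the re-prompt off.
audit_reprompt() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    for key in nexus.userToken.noPopUps nexus.download.noPopUps; do
        val=$(prop_value "$key" "$1" | tr '[:upper:]' '[:lower:]')
        if [ "$val" = "true" ]; then
            echo "$key reprompt-disabled"
        else
            echo "$key reprompt-active"
        fi
    done
}

# Constructed sample input, not taken from a real installation.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample nexus.properties
nexus.userToken.noPopUps=false
  nexus.userToken.noPopUps = TRUE
#nexus.download.noPopUps=true
nexus.download.noPopUpsExtra=true
EOF
audit_reprompt "$sample"
```

Point `audit_reprompt` at `<install-dir>/conf/nexus.properties` on each instance to record where the re-prompt control has been removed.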