Visit my.sonatype.com for documentation on Nexus Repository version 2.
This article applies to Nexus Repository 2 only. Nexus Repository 3 has a different solution.
Problem
By default, Nexus Repository 2 re-prompts a RUT-authenticated user for their credentials before allowing certain sensitive operations to proceed. Sensitive operations include:
- viewing a user token from their profile
- downloading a generated support zip
Re-prompting is an additional security measure to protect against malicious access to an already established authentication session.
In the case where Nexus Repository 2 is configured using RUT Authentication, advanced security measures are implicitly already in place at the network level by a systems administrator. Authentication is taking place outside of Nexus Repository 2, so re-prompting for authentication inside the user interface may not be a valid use case. End users may not even be provided with credentials in the first place, so have no way to provide them if asked.
In this scenario, a Nexus Repository administrator wants a way to disable re-prompting for credentials.
Solution
Prerequisites
In order for authentication re-prompts to be disabled by a Nexus Repository 2 administrator implementing RUT auth, the RUT user accessing Nexus Repository 2 must:
- be authenticated using RUT auth realm
- be authorized using an account in the LDAP server(s) registered inside Nexus Repository ( XML/Default realm user accounts are not applicable )
Disabling authentication re-prompt viewing User Profile User token ( as of version 2.14.0 ):
- Edit
<install-dir>/conf/nexus.properties
. Add a property on a new line:
nexus.usertoken.noPopUps=true
- Restart Nexus Repository for the property to take effect.
- Ask end users to clear their browser cache and restart their web browser.
Disabling authentication re-prompt when downloading a generated support zip ( as of version 2.14.4 ):
- Edit
<install-dir>/conf/nexus.properties
. Add a property on a new line:
nexus.download.noPopUps=true
- Restart Nexus Repository for the property to take effect.
- Ask end users to clear their browser cache and restart their web browser.