REST/kdb calls provide a quick way to allow the existing logins as validated by an existing kdb process. By setting environment variables before Pulse starts, it can be configued to use theses external sources.

Using REST/kdb Calls

Authentication

User names and passwords can be validated by AUTH_URL REST call. If environment variable AUTH_URL is set e.g.

http://admin:pass2@localhost:5000/?$[.z.pw[`$"((username))";"((password))"];`granted;`denied]
  1. When a user logs in, Pulse will connect to localhost:5000 using HTTP basic authentication details user=admin password=pass2
  2. It will then replace ((username))/((password)) with the users login details.
  3. If and only if the result contains "GRANTED" will access be granted.
  4. Successful login will result in automated creation of the user within Pulse.

Note: These settings can be configured as environment variables, system properties or .yml config files. See Admin Configuration for more info.

Authentication

Roles can be assigned by a REST CALL, if environment variable AUTH_URL is set e.g.

SET ROLE_URL=http://admin:pass2@localhost:5000/a.txt?getRoles[`$"((username))"]
  1. When a user logs in, they will first be authenticated.
  2. Pulse will connect to localhost:5000 using HTTP basic authentication details user=admin password=pass2
  3. It will then replace ((username)) with the users login details and fetch the result.
  4. The result format must be of form:
    • First line is ignored.
    • All lines after the first are ROLES that will be assigned to that user.

If you want to test the above settings.

First run a kdb instance on port 5000 with the following code:

Example REST call security Override