PAS, REST, & multiTenant

Good afternoon,

We are using OE 11.5 and have the Pacific Appserver configured to authenticate using hybrid realm. We also have multiple domains to authenticate against.

Currently we have OERealmAuthProvider set up with the following properties set:

<b:property name="userDetailsService">
  <b:ref bean="OERealmUserDetails"/>
</b:property>

<b:property name="createCPAuthn" value="true" />
<b:property name="multiTenant" value="true" />
<b:property name="userDomain" value="" />
<b:property name="key" value="letmein" />

This works ok and allows me to login and authenticate as expected, e.g. user1@domain1 or user1@domain2. The problem I have is that this setup requires every domain to be set up with the same domain access code, in this case "letmein".

Ideally we would like each domain to potentially have different access codes. The documentation suggest this is possible by using an external domain registry and states the following:

Set the External domain registry for multi-tenant applications
The OERealmAuthProvider provides support for using an administrator-generated Domain
Registry file to sign and seal ClientPrincipals in multi-tenant applications. This file contains a list of domains that are allowed to have access to the ClientPrincipal.
To use the Domain Registry file:
  1. Use the gendomreg command, located at $DLC/bin, that takes a formatted text file as input and creates a secure binary Domain Registry file. The text file lists OE domains that are allowed to have access to the ClientPrincipal in the Domain-name=Domain-access-code format. Each domain must be listed in a separate line.
  2. Copy the Domain Registry file to the OE REST Web application’s /WEB-INF/classes
directory.
  3. Configure the OERealmAuthProvider bean to load and sign a ClientPrincipal.

I seem unable to get this working, is there a particular name that the generated domain registry file must have? or is there another property we need to set?

Thanks for any assitance