Introduction / FirstSpirit Server configuration / Configuration files (FirstSpirit Server) / Login process (fs-jaas.conf)

Login process configuration (fs-jaas.conf)

The file fs-jaas.conf is located in the FirstSpirit Server subdirectory conf and contains configuration settings for the login process at the FirstSpirit Server.

The configuration file fs-jaas.conf can be changed via the FirstSpirit ServerManager (see JAAS configuration) or via ServerMonitoring (see Login configuration). The changes are subsequently written into the configuration file and updated on the server. If access to the file system is available, fs-jaas.conf can also be changed directly via the configuration file. Comments commence with //.

Important If the configuration file fs-jaas.conf is changed via the file system, the file is automatically updated on the server (default: every 60 sec.). The server does not have to be restarted.

JAAS modules

FirstSpirit uses the Java standard JAAS (Java Authentication and Authorization Service) for user authentication. The JAAS modules on the following pages are already integrated in FirstSpirit and provide various user authentication methods (each module name starts with the prefix de.espirit.firstspirit.server.authentication., i.e. for example de.espirit.firstspirit.server.authentication.FSUserLoginModule):

JAAS module name

Short description


Password check against the FirstSpirit user database


Authentication against LDAP server


Ticket from FirstSpirit user database


Ticket from the Windows-NETBIOS-domain (NTLM)


Kerberos ticket (integrated Windows login)


Ticket from the SAP server


Ticket from Windows


Logging in via the HTTP request header


General notes about the JAAS configuration

A user account is automatically transferred into the FirstSpirit system after successful authentication for all login modules. The login name is used as a unique identifier; thus ensuring the allocation of user accounts to projects in project exports.

Important Automatic creation of user accounts can be suppressed by adding the parameter JAAS.autoCreateUser to the fs-server.conf file and setting it to the value false:


If the parameter is not set, the default value is true. Thus, new user accounts are automatically created if JAAS.autoCreateUser is not set.

The login modules can be allocated to the FirstSpirit components SiteArchitect, ContentCreator, Webmonitor and Access API. Symbolic names are at first chosen as an intermediate step for the allocation; these symbolic names are allocated to individual FirstSpirit components at a later date. Enter one or more login modules under each individual symbolic name in file fs-jaas.conf.

If several login modules are entered, they are processed in the specified sequence until the user has been successfully authenticated. Please note that authentication methods without password but with ticket are entered in front of those with password check. Additionally, each login module has to be allocated with the JAAS attribute optional. “Optional” means that at least one of the login modules should have executed successful authentication to permit user login at FirstSpirit. Other JAAS attributes, such as sufficient, required or requisite, should not be used for FirstSpirit, otherwise FirstSpirit-specific login attributes will not be transferred from one login module to the other. These FirstSpirit-specific login attributes are also the reason that external JAAS modules can only be used for FirstSpirit with an additional wrapper class.

The following symbolic names are used as default allocation: plain, sso, webplain, websso, system.

Allocation of the symbolic names to the individual FirstSpirit components occurs in file fs-server.conf via the parameters JAAS.*.

The default configuration as defined during installation is shown below:


Allocation of the FirstSpirit components to the parameter names:


Parameter name





all FirstSpirit web applications
(ContentCreator, start page, ServerMonitoring)
with SSO authentication


all FirstSpirit web applications
(ContentCreator, start page, ServerMonitoring)
without SSO authentication


Access API



© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.5 | Data privacy