Realms
What are Realms?
Realms define a Sonatype Nexus Repository user's authentication source (e.g., Local Authentication, LDAP Realm, etc.).
Configuring Realms
Note
To manage realms, you must have the nx-all or nx-settings privilege.
Your Sonatype Nexus Repository instance is likely to use multiple security realms, so it is important to configure the order in which realms are used when granting access. You can manage your active realms under Administration → Security → Realms as shown in the image below.
Here, you can activate and prioritize security realms by adding them to the Active list in the right-hand column and then moving them higher or lower on the list using the up and down arrows available next to each active realm. Select the Save button to save any changes.
The order in which you have your active realms determines what authentication realm is given priority for granting a user access in the event of a name clash between authentication realms .
Warning
Do not remove all realms from the the Active section. Doing so prevents access to Sonatype Nexus Repository for any user, including administrators.
Available Realms
The table below provides details about each available security realm in Sonatype Nexus Repository.
Realms | Details |
---|---|
(Pro-Only) | This realm is required for using Cargo tokens for authentication when publishing crates to a Cargo repository. See our Cargo help documentation for details. |
This realm is required for uploading to Conan repositories and produces tokens in response to the | |
This realm identifies external configuration in an Atlassian Crowd system. Details are documented in Atlassian Crowd Support. | |
This realm will append the configured role to all users when they are authenticated; see the Default Role page. | |
This realm is required to access Docker repositories through a Docker client or other container image manager (e.g., Docker Desktop, Docker Engine, Podman, etc.). It is also required in order to allow anonymous pull access to Docker repositories. See the Docker Authentication help topic for more information. | |
This realm identifies external storage in an LDAP system (e.g., Microsoft ActiveDirectory, ApacheDS, OpenLDAP, etc.). See the LDAP help topic for more information. | |
This is a built-in realm and is used by default. They allow Sonatype Nexus Repository to manage security setup without additional external systems. Note Sonatype recommends keeping the Local Authenticating realm at the top of the active list. In the event of system recovery, restoration may be more difficult if you have it lower in the order or removed. | |
This realm permits users with previously generated bearer tokens to publish npm packages. It also allows users to establish the authentication to a repository with the | |
This realm is required for deployments to NuGet repositories as documented in the NuGet Repositories help topic. | |
This realm allows you to use any external security system that passes along user details via HTTP headers for requests to Sonatype Nexus Repository. See the Authentication via Remote User Token help topic for details. | |
This realm uses an external Identity Provider (IdP) to handle authentication. See the SAML help topic for more information. | |
This realm allows you to use user tokensas a method for authentication that would normally require passing your username and password in plain text. See the Security Setup with User Tokens help topic for details on user tokens. |