Available in Nexus Repository OSS and Nexus Repository Pro
The security realms administration view, shown in Figure: “Security Realms Administration”, lets you activate and prioritize the security realms used for authentication and authorization. Add a realm to the Active list on the right, then move it higher or lower in that list. The view is reached via the Realms menu item located under Security, in the Administration main menu.
Access is granted by the nx-all or nx-settings privilege. There is no specific security privilege for just this page in the UI.
Figure: Security Realms Administration
Effectively, this configuration determines which authentication realm is used to grant a user access and the order in which the realms are used.
Local Authenticating Realm and Local Authorizing Realm
These are the built-in realms used by default. They allow the repository manager to manage security setup without additional external systems.
Sonatype recommends keeping the Local realms at the top of the active list. In the event of system recovery, if you have them lower in the order (or removed), restoration may be more difficult.
Conan Bearer Token Realm
This realm is required for uploading to Conan repositories and produces tokens in response to the conan user ... command; see Conan's documentation.
Crowd Realm
This realm identifies external storage in an Atlassian Crowd system; details are documented in Atlassian Crowd Support.
Default Role Realm
This realm will append the configured role to all users when they are authenticated; see the Default Role page.
Docker Bearer Token Realm
This realm allows Docker repositories to have anonymous read enabled, in conjunction with the Force basic authentication configuration setting. This is documented further in Docker Authentication, found in the Docker section.
LDAP Realm
This realm identifies external storage in an LDAP system, such as Microsoft Active Directory, ApacheDS, or OpenLDAP; details are documented in LDAP.
npm Bearer Token Realm
This realm permits users with previously generated bearer tokens to publish npm packages. See npm Security to learn how to establish a connection in order to publish.
NuGet API-Key Realm
This realm is required for deployments to NuGet repositories as documented in NuGet Repositories.
Rut Auth Realm
This realm uses external authentication in any system, with the user authorization passed to the repository manager in an HTTP header field; details are documented in Authentication via Remote User Token.
SAML Realm
This realm uses an external Identity Provider (IdP) to handle authentication, with details documented in the SAML page.
User Token Realm
This realm activates token-based authentication for users as a substitute for plain-text username and password authentication. When the user token capability is enabled, the realm is automatically added to the Active Realms list. A full description of this realm is documented in Accessing User Tokens in Realms.
Removing all realms from the Active section prevents any user, including administrators, from accessing the repository manager, and must be avoided.
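The two rules on this page (keep the Local realms at the top of the Active list, and never leave the list empty) can be checked mechanically before a realm change is saved. The following is an added example, not part of Sonatype's documentation or tooling; it assumes the ordered Active list has been copied out using the display names shown on this page, and `audit_active_realms` and both sample lists are constructed for illustration.

```python
from typing import List, NamedTuple

# Display names of the built-in realms, as written on this page.
LOCAL_REALMS = ("Local Authenticating Realm", "Local Authorizing Realm")

class Finding(NamedTuple):
    severity: str  # "critical" or "warning"
    message: str

def audit_active_realms(active: List[str]) -> List[Finding]:
    """Check an ordered Active realm list against the guidance on this page."""
    if not active:
        # No active realm means no user, administrators included, can log in.
        return [Finding("critical", "Active list is empty: all access is blocked")]
    findings = []
    for realm in LOCAL_REALMS:
        if realm not in active:
            findings.append(Finding(
                "warning", f"{realm} is not active; recovery may be more difficult"))
            continue
        # Any non-Local realm placed before this one is consulted first.
        ahead = [r for r in active[:active.index(realm)] if r not in LOCAL_REALMS]
        if ahead:
            findings.append(Finding(
                "warning", f"{realm} is ordered below: {', '.join(ahead)}"))
    return findings

# Constructed sample lists (top of the Active list first).
RECOMMENDED = ["Local Authenticating Realm", "Local Authorizing Realm",
               "npm Bearer Token Realm", "Docker Bearer Token Realm"]
RISKY = ["Rut Auth Realm", "Local Authenticating Realm", "npm Bearer Token Realm"]

if __name__ == "__main__":
    for label, realms in (("recommended", RECOMMENDED), ("risky", RISKY), ("empty", [])):
        results = audit_active_realms(realms)
        print(label, "->", "ok" if not results else "")
        for f in results:
            print(f"  [{f.severity}] {f.message}")
```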