Available in Nexus Repository OSS and Nexus Repository Pro

The feature view for security realms administration, displayed in Figure: “Security Realms Administration”, allows you to activate and prioritize the security realms used for authentication and authorization by adding them to the Active list on the right and moving them higher or lower in the list. It can be accessed via the Realms menu item located under Security in the Administration main menu.

Figure: Security Realms Administration

Effectively, this configuration determines which realms are used to grant a user access and the order in which those realms are used.

Local Authenticating Realm and Local Authorizing Realm

These are the built-in realms used by default. They allow the repository manager to manage security setup without additional external systems.

Recommended Ordering

Sonatype recommends keeping the Local realms at the top of the active list. If they are lower in the order (or removed), restoration may be more difficult in the event of system recovery.

Crowd Realm

This realm identifies external storage in an Atlassian Crowd system with details documented in Atlassian Crowd Support.

Docker Bearer Token Realm

This realm allows Docker repositories to have anonymous read access enabled, in conjunction with the Force basic authentication configuration setting. This is documented further in Authentication, found in the Docker section.

LDAP Realm

This realm identifies external storage in an LDAP system such as Microsoft Active Directory, ApacheDS, or OpenLDAP, with details documented in LDAP.

npm Bearer Token Realm

This realm permits users with previously generated bearer tokens to publish npm packages. See npm Security to learn how to establish a connection in order to publish.

NuGet API-Key Realm

This realm is required for deployments to NuGet repositories as documented in NuGet Repositories.

Rut Auth Realm

This realm uses external authentication performed in any system, with the user authorization passed to the repository manager in an HTTP header field. Details are documented in Authentication via Remote User Token.

User Token Realm

This realm activates token-based authentication for users as a substitute for plain-text username and password authentication. When the user token capability is enabled, the realm is automatically added to the Active Realms list. A full description of this realm is documented in Accessing User Tokens in Realms.

Removing all realms from the Active section prevents any user from accessing the repository manager, including administrative access, and must be avoided.
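
The ordering recommendation and the empty-list lockout described above can be checked automatically before a realm change is applied. The following is an added example, not part of the original documentation or Sonatype's code: it audits an ordered list of active realm IDs, however that list was obtained. The realm ID strings and the function name audit_active_realms are assumptions and should be confirmed against the identifiers your own instance reports.

```python
# Added example, not Sonatype code. Realm IDs are assumptions; confirm them
# against the identifiers your own instance reports.
LOCAL_REALMS = ("NexusAuthenticatingRealm", "NexusAuthorizingRealm")  # assumed IDs
RUT_AUTH_REALM = "rutauth-realm"  # assumed ID


def audit_active_realms(active):
    """Return (severity, message) findings for an ordered list of active realm IDs."""
    if not active:
        # Removing every realm locks out all users, administrators included.
        return [("critical", "no active realms: no user can log in")]

    findings = []
    for realm in sorted(set(active)):
        if active.count(realm) > 1:
            findings.append(("warning", f"{realm} is listed more than once"))

    for realm in LOCAL_REALMS:
        if realm not in active:
            findings.append(("high", f"local realm {realm} is not active"))

    # Recommended ordering: Local realms stay at the top of the active list.
    local_pos = [i for i, r in enumerate(active) if r in LOCAL_REALMS]
    other_pos = [i for i, r in enumerate(active) if r not in LOCAL_REALMS]
    if local_pos and other_pos and min(other_pos) < max(local_pos):
        findings.append(("medium", f"{active[min(other_pos)]} is ordered above a local realm"))

    if RUT_AUTH_REALM in active:
        findings.append(("info", "Rut Auth realm is active: the user is taken from an HTTP header"))
    return findings


if __name__ == "__main__":
    # Constructed sample configurations; "LdapRealm" is an assumed ID.
    samples = {
        "recommended": ["NexusAuthenticatingRealm", "NexusAuthorizingRealm", "LdapRealm"],
        "ldap first": ["LdapRealm", "NexusAuthenticatingRealm", "NexusAuthorizingRealm"],
        "empty": [],
    }
    for name, realms in samples.items():
        print(name, audit_active_realms(realms))
```

An empty result means the list follows the guidance on this page; a "critical" or "high" finding is a reason not to apply the change.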