|
||||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |
See:
Description
Interface Summary | |
IAuthProvider | An interface that provides on-demand authentication against a remote system. |
IGroup | An interface that allows a synchronization service to query for the users and groups under a group. |
ISyncProvider | Interface that provides user and group synchronization functionality against a remote system. |
Class Summary | |
AuthConstants | Static SCI ( |
AuthInfo | A NamedValueMap for storing on-demand authentication service settings. |
ChildGroup | Represents a subgroup of a given user group. |
ChildGroupList | A wrapper for an array of ChildGroup objects. |
ChildUser | Represents a user contained within a user group. |
ChildUserList | A wrapper for an array of ChildUser objects. |
SyncInfo | A NamedValueMap for storing
settings for performing user/group synchronization. |
SyncObject | Represents an object to be synchronized, in this case a user or group. |
SyncObjectList | A wrapper for an array of SyncObject s. |
Provides interfaces for creating authentication and synchronization services for users and groups in WebCenter Interaction (WCI).
Remote authentication services are comprised of two parts: synchronization and authentication. Together, these components import new users and allow them to authenticate against the external system of record.
The synchronization component of an authentication service imports users from an external system into the portal so that the users can be categorized in the portal’s group hierarchy. The synchronization process is handled by the portal Automation Server, as scheduled in the Job associated with the Authentication Source object in the portal. Synchronization does not store users’ passwords in the portal database. Authentication is handled by the authentication component and the system of record.
The authentication component of an authentication service handles real-time authentication of portal users against an external system. Since the portal cannot change an externally managed password, a user’s login must be compared against the system of record. The remote authentication service must maintain state and handle the communication between the portal and the back-end system. The user name and password can be captured in the session at login to be used later for basic authentication. Users can be organized using existing groups or hierarchies, or separate authentication services can be used to organize users into portal-specific groups. A Single-Sign On (SSO) authentication service can store an SSO cookie on the user’s machine to be used by other services. Users imported by a synchronization service must be unique by name and authentication source. The portal identifies users first by their category, then by username; this combination must be unique per user. Authentication services can only be used to create users in the portal and manage their group associations. To import additional user information, use a profile service.
To view the SOAP endpoint to enter in the settings for the Authentication Web Service, open a browser and point it to http://<my_server>:<my_port>/<war_name>/services. For example, http://express-job1.devnet.plumtree.com:8080/HelloWorldAuth/services. The page should display "And now...Some Services." with a list of all defined services. The default endpoint for the Authentication URL is http://<my_server>:<my_port>/<war_name>/services/AuthProviderSoapBinding. The default endpoint for the Synchronization URL is http://<my_server>:<my_port>/<war_name>/services/SyncProviderSoapBinding. The default endpoint for the Service Configuration URL (if used) is http://<my_server>:<my_port>/<war_name>/services/SciProviderSoapBinding. If the DeployServlet was used to create the services, you will see the services with a developer-supplied prefix.
|
||||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |
Copyright ©2010 Oracle® Corporation. All Rights Reserved.