Identity Services allow you to integrate established repositories of user information into your portal. Users, groups, and group membership configuration can be imported into the portal. Users logging into the portal can be authenticated against the existing system of record. Information about users can be imported from any number of external sources and mapped to portal properties, which can then be made available to the portal or other services.
Authentication services are used to import users into the portal and authenticate them against a back-end system.
Profile services are used to import information about existing portal users from external systems and map that information to portal properties.
Other methods of controlling users in your portal implementation, such as adding functionality to the user creation process, are also available.
Authentication services consist of two parts: synchronization and authentication. Together, these components import new users and allow them to authenticate against the external system of record.
The synchronization component of an authentication service imports users from an external system into the portal so that the users can be categorized in the portal's group hierarchy. The synchronization process is handled by the portal Automation Server, as scheduled in the Job associated with the Authentication Source object in the portal.
Synchronization does not store users' passwords in the portal database. Authentication is handled by the authentication component and the system of record.
Note: Creating an Authentication Source object with a synchronization component creates an associated option in the Authentication Source drop-down list on the portal login page. The name that appears in the drop-down list is the Description of the Authentication Source object. Enter a description that all users will recognize.
The authentication component of an authentication service handles real-time authentication of portal users against an external system. Because the portal cannot change an externally managed password, a user's login must be compared against the system of record. The remote authentication service must maintain state and handle the communication between the portal and the back-end system. The user name and password can be captured in the session at login to be used later for basic authentication.
The following pages provide detailed instructions on developing custom authentication services:
Authentication Service Internals: A description of the interfaces that must be implemented when creating an authentication service, and how the interfaces will be called by the portal.
Implementing an Authentication Service: Step-by-step instructions on implementing the required interfaces, with example code.
Deploying an Authentication Service: How to deploy the authentication service to a Java or .NET application server.
Configuring an Authentication Service: How to configure the authentication service in the portal.
Profile services are used to import information about existing portal users from external systems. This information is mapped to portal properties and made available to other services.
The purpose of a profile service is to import information about portal users from an external system into the portal so that the information can be used by the portal and other services. The first step is to synchronize the user information in the external system with existing users in the portal; this is the process that must be handled by the remote service. As with authentication services, the synchronization process is handled by the portal Automation Server, as scheduled in the Job associated with the Profile Source object in the portal.
The profile information imported by the profile service must be associated with portal properties so that it can be accessed by portal objects and other remote services. (For details, see Configuring a Profile Service.)
The following pages provide detailed instructions on developing custom profile services:
Profile Service Internals: A description of the interfaces that must be implemented when creating a profile service, and how the interfaces will be called by the portal.
Implementing a Profile Service: Step-by-step instructions on implementing the required interfaces, with example code.
Deploying a Profile Service: How to deploy the profile service to a Java or .NET application server.
Configuring a Profile Service: How to configure the profile service in the portal.
In addition to the authentication and profile services, the following functionality is available to control portal users in your implementation:
Experience definitions let you tailor portal experiences for different groups of users.
The ICreateAccountActions Programmable Event Interface (PEI) allows you to add functionality to the account creation process.
Remote User Operations allow you to access and manage portal users from remote applications.