Configuring an Authentication Service
To deploy an authentication service in the portal, you
must configure a set of portal objects.
This topic describes how to configure portal objects in
order to register your authentication service in the portal. The steps
are specific to the needs of authentication services and assume that
you are familiar with creating and configuring portal objects. For
more details on portal objects, see the portal online help.
- Create and configure a Remote Service object.
This is optional. Configuring a Remote Service object allows
multiple services to share a single remote service configuration.
Authentication Web Services can use either a Remote Service object
or hard-coded URLs.
- Create and configure a Web Service — Authentication.
Each remote authentication service must have an associated
Authentication Web Service object. The Authentication Web Service
editor allows you to specify general settings for the back-end system.
The following settings are necessary for Authentication Services:
- The encoding style must reflect the service
implementation (.NET vs Java). The encoding style is set on the Advanced Settings page. For .NET, you must set the encoding
to Document/Literal. Java uses the default, RPC/Encoded.
- All configuration pages must be entered on the Advanced
URLs page. You can add configuration pages to the Authentication Source editor. These URLs must be entered
on the Advanced URLs page.
- Create and configure an Authentication Source
— Remote
Each Authentication Web Service has one or more associated
Remote Authentication Source objects that define basic settings.
Keep the following in mind when configuring the Authentication
Source:
- Users imported by a synchronization service must be unique
by name and Authentication Source. The portal identifies users
first by their category, then by username; this combination must be
unique per user. It is a best practice to use the source domain for
the category name. The category is entered in the Authentication Source
editor. You can use the same category for multiple back-end systems,
but the systems must not have users or groups with the same name.
- The description of the Authentication Source object is displayed
on the portal login page. Creating an Authentication Source object
with a synchronization component creates an option in the authentication
source drop-down list on the portal login page. The name that appears
in the drop-down list is the description of the Authentication Source
object. Enter a description that users will recognize.
- By default, the portal performs partial users synchronization. Confirm that the synchronization settings are correct for the service.
The default of Partial User Synchronization may not perform the synchronization
you desire.
- Create a configure a Job.
To run the authentication service, you must schedule a job
or add the Authentication Source to an existing job. The Remote Authentication Source editor allows you to set
a job.