10 Configuring Convergence to Use Proxy Authentication

This chapter describes how to enable Proxy Authentication in Convergence. The proxy authentication mechanism uses various components that Convergence depends on. You must have thorough knowledge of the following products and technologies:

  • Convergence administration

  • Directory Server administration

  • Communications Suite schemas

Proxy authentication is performed by using the credentials of a more privileged user on behalf of a normal user. The user name and password of the privileged user requesting the authentication are sent together with the user name of the user for whom authentication is requested.

The parameters include:

  • username - The user name of the privileged user.

  • password - The password of the privileged user.

  • proxyauth - The user name of the user for whom authentication is requested.

The protocol request must pass these parameters to perform proxy authentication.

Configuring Convergence for Proxy Authentication

For proxy authentication to work, the privileged user (the Proxy Admin user) must be provisioned for the domain. A user is considered a proxy administration user if its LDAP entry has the isMemberOf operational attribute with its value set to the DN of the Service Administrators group. The administration user must be a member of the Service Administrators group in the DC tree.

For example:

cn=Service Administrators, ou=Groups, DC_Root

The Service Administrators group and the administration user are provisioned when the administrators for Oracle Communications Messaging Server (admin) and Oracle Communications Calendar Server (calmaster) are configured. This user can also be used for Convergence proxy authentication.

To configure proxy authentication in Convergence, enable it by setting the auth.ldap.enableproxyauth configuration parameter to true. For example:

iwcadmin -u admin -o auth.ldap.enableproxyauth -v true

Note:

Convergence does not provision an administrator user.

Proxy Authentication Request

To perform proxy authentication, Convergence requires the following parameters, passed in the format used by the login.iwc or login.wabp commands.

For example:

http://hostname:port/iwc/login.iwc?username=username_privileged_user&password=password_privileged_user&proxyauth=username&fmt-out=text/json

Where:

  • username_privileged_user is the user name of the privileged user.

  • password_privileged_user is the password of the privileged user.

  • username is the user name of the user for whom authentication is requested.

  • fmt-out=text/json specifies the JSON output. XML output is no longer valid.
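
The request format above carries the privileged user's password in the URL query string, so it is written to any web access log that records full request URLs. The following Python is an added example, not part of the Convergence documentation: it scans access-log text for login.iwc and login.wabp requests that carry proxyauth, reports which privileged user acted for which user, and redacts the password. The Common Log Format layout, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed sample access-log lines. Common Log Format is an assumption;
# adapt REQUEST_RE to the web container that actually fronts Convergence.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /iwc/login.iwc?username=admin&password=S3cret%21&proxyauth=jdoe&fmt-out=text/json HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "POST /iwc/login.iwc HTTP/1.1" 200 498
192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /iwc/login.wabp?username=calmaster&password=pw&proxyauth=asmith&fmt-out=text/json HTTP/1.1" 200 130
192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /iwc/static/app.js?proxyauth=x HTTP/1.1" 200 90
"""

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')
LOGIN_PATHS = ("/login.iwc", "/login.wabp")


def find_proxy_logins(log_text):
    """Return one record per proxy-authentication request found in the log."""
    events = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        params = parse_qs(url.query, keep_blank_values=True)
        # Only the login commands count; proxyauth on other paths is ignored.
        if not url.path.endswith(LOGIN_PATHS) or "proxyauth" not in params:
            continue
        events.append({
            "client": m.group("client"),
            "time": m.group("ts"),
            "privileged_user": params.get("username", [""])[0],
            "on_behalf_of": params["proxyauth"][0],
            "password_in_url": "password" in params,
        })
    return events


def redact_password(target):
    """Rewrite a request target so the password value is not stored or forwarded."""
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    if "password" in params:
        params["password"] = ["REDACTED"]
    return url._replace(query=urlencode(params, doseq=True)).geturl()
```

Each record from find_proxy_logins pairs a privileged account with the user it authenticated as, which can be compared against the expected membership of the Service Administrators group.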