In order for user segment security to work, you must add credentials in two places:
To the credentialStoreMap. The RequestCredentialAccessController component references this map when determining if a request includes a valid credential.
To the Workbench so that it can pass a valid credential along with the user segment request.
Modifications to REST security credentials stored in the credentialStoreMap are effective immediately after they are saved. Modifications to the Workbench security credential require a restart before those changes become available for use.
Managing Credentials in the credentialStoreMap
You can add a credential to the credentialStoreMap using either CIM or Dynamo Server Admin. Follow the instructions below to add a security credential to the credentialStoreMap using CIM.
In the CIM MAIN MENU, select [2] Configure OPSS Security.
In the SECURITY DEPLOYMENT MENU, choose [1] Enter the location to deploy OPSS files.
Press Enter to accept the default location for OPSS files.
In the SECURITY DEPLOYMENT MENU, choose [2] Enter the security credential for REST Services.
Enter the new credential at the prompt. The credential can be any text, similar to a password; however, it should correspond to your organization’s OPSS security platform requirements.
Re-enter the credential to confirm it.
In the SECURITY DEPLOYMENT MENU, choose [3] Deploy configuration files.
In the COPY CREDENTIALS TO SHARED DIRECTORY menu, choose [D] Deploy to /<ATG11dir>/home/../home/security.
In the VERIFY WHETHER TO OVERWRITE CURRENT DIRECTORY CONTENTS menu, choose [D] Deploy OPSS configuration files.
In the SECURITY DEPLOYMENT MENU, choose [D] Done.
Alternatively, you can add or delete security credentials using Dynamo Server Admin.
To enter security credentials in Dynamo Server Admin:
In a browser, navigate to the instance of Dynamo Server Admin that is running on the user segment server:
http://<user_segment_server_host>:<user_segment_server_HTTP_port>/dyn/admin
In the authentication dialog box, enter the Dynamo Server Admin username and password, and then click OK.
(WebLogic only) Depending on how you configured your environment, WebLogic may require an additional login for the WebLogic server. If necessary, enter your WebLogic username and password, and then click OK.
You see the Administration home page.
Click the Component Browser link.
Navigate to /atg/dynamo/security/opss/csf/CredentialStoreManager.
From the Action drop-down menu, choose Create Generic Credential and then click Select.
In the Map Name field, enter requestCredentialMap.
Enter a key name in the Credential Key Name field, for example, key1. Use a unique key name to enter a new credential. Use an existing key name to replace the credential for that key name.
Enter the new credential in the Enter Credential area. The credential can be any text, similar to a password; however, it should correspond to your organization’s OPSS security platform requirements.
Click Submit Credentials.
To delete an existing REST security credential:
In a browser, navigate to the instance of Dynamo Server Admin that is running on the user segment server. See the previous section for detailed instructions on how to do this.
Click the Component Browser link.
Navigate to /atg/dynamo/security/opss/csf/CredentialStoreManager.
From the Action drop-down menu, choose Delete Credential and then click Select.
Select the credential you want to delete.
Click Delete Credential.
Managing Credentials in the Workbench
To manage credentials in the Workbench, you use the manage_credentials script in the /credential_store/bin directory under ToolsAndFrameworks.
To add a credential to the Workbench:
In a UNIX shell or command prompt, navigate to the ENDECA_TOOLS_ROOT/credential_store/bin directory, for example, /usr/local/endeca/ToolsAndFrameworks/version/credential_store/bin or C:\Endeca\ToolsAndFrameworks\version\credential_store\bin.
Enter one of the following commands.
On UNIX, enter:
./manage_credentials.sh add --user admin --config [pathtojps-config.xml] --type generic --mapName restService --key clientCredential
For example:
./manage_credentials.sh add --user admin --config $ENDECA_TOOLS_ROOT/server/workspace/credential_store/jps-config.xml --type generic --mapName restService --key clientCredential
On Windows, enter:
manage_credentials.bat add --user admin --config [pathtojps-config.xml] --type generic --mapName restService --key clientCredential
For example:
manage_credentials.bat add --user admin --config %ENDECA_TOOLS_ROOT%\server\workspace\credential_store\jps-config.xml --type generic --mapName restService --key clientCredential
Enter the new credential at the prompt.
Re-enter the credential to confirm the addition.
Follow the instructions below to restart the ToolsAndFrameworks service.
To restart the ToolsAndFrameworks service:
In a UNIX shell or command prompt, navigate to the ENDECA_TOOLS_ROOT/server/bin directory, for example, /usr/local/endeca/ToolsAndFrameworks/version/server/bin or C:\Endeca\ToolsAndFrameworks\version\server\bin.
Execute the shutdown script.
On UNIX, enter:
./shutdown.sh
On Windows, enter:
shutdown.bat
Execute the startup script.
On UNIX, enter:
./startup.sh
On Windows, enter:
startup.bat
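The UNIX add-and-restart procedure above, combined into one script. This is an added example, not part of the original documentation or of Oracle's tooling: the function names and the --run switch are hypothetical, and it assumes ENDECA_TOOLS_ROOT is set and that jps-config.xml is at the location used in the example command.

```shell
#!/bin/sh
# Added example (not Oracle's tooling): add the Workbench REST credential,
# then restart ToolsAndFrameworks so the change takes effect.
# Assumptions: ENDECA_TOOLS_ROOT is set; function names and --run are hypothetical.

# jps-config.xml location taken from the page's example command.
jps_config_path() {
    printf '%s\n' "$ENDECA_TOOLS_ROOT/server/workspace/credential_store/jps-config.xml"
}

# Check every script and file the procedure needs before touching anything.
preflight() {
    [ -n "${ENDECA_TOOLS_ROOT:-}" ] || { echo "ENDECA_TOOLS_ROOT is not set" >&2; return 2; }
    for f in credential_store/bin/manage_credentials.sh \
             server/bin/shutdown.sh server/bin/startup.sh; do
        [ -x "$ENDECA_TOOLS_ROOT/$f" ] || { echo "missing or not executable: $f" >&2; return 3; }
    done
    [ -r "$(jps_config_path)" ] || { echo "cannot read $(jps_config_path)" >&2; return 4; }
}

# Add the credential, then restart. The credential is typed at the tool's own
# prompt, so it never appears in this script, shell history or the process list.
# The restart runs only if the add succeeded.
add_workbench_credential_and_restart() {
    preflight || return $?
    ( cd "$ENDECA_TOOLS_ROOT/credential_store/bin" &&
      ./manage_credentials.sh add --user admin --config "$(jps_config_path)" \
          --type generic --mapName restService --key clientCredential ) || return 5
    ( cd "$ENDECA_TOOLS_ROOT/server/bin" && ./shutdown.sh && ./startup.sh ) || return 6
}

# Run the procedure only when asked to, e.g.  sh add_and_restart.sh --run
if [ "${1:-}" = "--run" ]; then
    add_workbench_credential_and_restart
fi
```

A non-zero return code identifies the step that failed: 2 to 4 for the preflight checks, 5 for the credential add, 6 for the restart.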
To delete a credential:
In a UNIX shell or command prompt, navigate to the ENDECA_TOOLS_ROOT/credential_store/bin directory, for example, /usr/local/endeca/ToolsAndFrameworks/version/credential_store/bin or C:\Endeca\ToolsAndFrameworks\version\credential_store\bin.
Enter one of the following commands.
On UNIX, enter:
./manage_credentials.sh delete --user admin --config [pathtojps-config.xml] --mapName restService --key clientCredential
For example:
./manage_credentials.sh delete --user admin --config $ENDECA_TOOLS_ROOT/server/workspace/credential_store/jps-config.xml --mapName restService --key clientCredential
On Windows, enter:
manage_credentials.bat delete --user admin --config [pathtojps-config.xml] --mapName restService --key clientCredential
For example:
manage_credentials.bat delete --user admin --config %ENDECA_TOOLS_ROOT%\server\workspace\credential_store\jps-config.xml --mapName restService --key clientCredential
You are notified when the credential is successfully deleted.

