This section provides documentation for the new CSI security providers introduced with EBF #13973:
CSI Remedy Action Request security provider – implements authentication and role-based access checks against the Remedy AR system. See “CSI Remedy Action Request security provider”.
CSI Business Objects security provider – implements authentication and role-based access checks against the Business Objects system. See “CSI Business Objects security provider”, and Technical Bulletin Unwired Accelerator 8.0 and Business Objects for Windows 2003 and XP.
With EBF #13973, Unwired Accelerator includes a Remedy Action Request (AR) security provider, which implements authentication and role-based access check against a Remedy AR system. The CSI Remedy AR security provider consists of an authentication provider and role-check based authorizer.
com.sybase.security.remedy.RemedyLoginModule – provides authentication services against Remedy Action Request server.
com.sybase.security.core.RoleCheckAuthorizer – provides authorization services using a CSI core class.
The CSI Remedy AR security provider does not support any certificate authentication capability. Once a user logs in Remedy AR system, there will be a session associated with the user. The length of the user’s session is determined by the timeout setting configured in AR system. When the session exceeds this time, the session times out and the user must log in again.
The CSI Remedy AR security provider requires the arapi63.jar file in CLASSPATH. The file is included in the Remedy AR installation, and should be copied to the Unwired Accelerator directory: %UA80%\tomcat\common\lib
In addition, add these Remedy files to the environment variable: arapi63.dll, arjni63.dll, arrpc63.dll, arutl63.dll, icudt28l.dll, icuin28.dll and icuuc28.dll.
To configure the CSI Remedy security provider, modify the csi.xml file, located
in %UA80%\tomcat\conf.
Search for RemedyLoginModule,
to find the Remedy AR section:
... <config:authenticationProvider name= "com.sybase.security.remedy.RemedyLoginModule" controlFlag="optional" > <config:options name="ServerName" value="localhost" /> <config:options name="ServerPort" value="0" /> <config:options name="UserLocale" value="" /> <config:options name="AllowGuest" value="false" /> </config:authenticationProvider> <config:provider name="com.sybase.security.portaldb.PortalDBAttributer" type="attributer" /> <config:provider name="com.sybase.security.core.RoleCheckAuthorizer" type="authorizer" /> <config:provider name="com.sybase.security.helpers.EverybodyRoleAuthorizer" type="authorizer" /> ...
See the Unwired Accelerator 8.0 Installation Guide for information about configuring security providers in csi.xml, and for using stacked security providers. See the sections that follow for information about the Business Objects security provider.
Table 4 defines the options that you can use to configure the authentication provider. Enable any of the options by adding the option name and value to csi.xml. You must add new option definitions within the authenticationProvider definition; that is, between the following two lines:
<config:authenticationProvider name="com.sybase.security.remedy.RemedyLoginModule"> ... </config:authenticationProvider>
Configuration option |
Default value |
Description |
|---|---|---|
ServerName |
localhost |
Remedy AR server host name. |
ServerPort |
0 |
Remedy AR server port number. |
UserLocale |
" " (blank) |
Remedy AR UserLocale. |
AllowGuest |
false |
Indicates whether Remedy AR allows a user as a guest. If set to true, an authenticated user is allowed access to Remedy; if set to false, an authenticated user receives error messages and is not allowed access to Remedy. |
Remedy AR role-based authorization is accomplished using the core RoleCheckAuthorizer. No Remedy-specific authorization provider is necessary.
For an authenticated user, Remedy APIs are invoked to return groups to which the user belongs. The CSI Remedy security provider relies on user group membership to compute user roles.
With EBF #13973, Unwired Accelerator includes a Business Objects security provider, which implements authentication and role-based access checking against a Business Object XI, Release 2 system. The CSI Business Objects security provider consists of an authentication provider and role-check based authorizer.
com.sybase.security.businessobjects.BOLoginModule – provides authentication services against Business Objects CMS server.
com.sybase.security.core.RoleCheckAuthorizer – provides authorization services using a CSI core class.
The Business Objects security providers does not support any certificate authentication capability. Once a user logs into the Business Objects CMS server, the user is granted a CMS session. CMS preserves the session information until the user logs off.
The CSI Business Objects security provider requires the following Business Objects JAR files in the CLASSPATH environment variable: cecore.jar, celib.jar, ceplugins.jar, cereports.jar, cesession.jar, ceutils.jar, cexsd.jar, Serialization.jar, corbaidl.jar, and ebus405.jar. The files are included with the Business Objects installation, and should be copied to the Unwired Accelerator directory: %UA80%\tomcat\common\lib
To configure the CSI Business Objects security provider, modify
the csi.xml file, located in %UA80%\tomcat\conf.
Search for BOLoginModule,
to find the Business Objects section:
... <config:authenticationProvider name= "com.sybase.security.businessobject.BOLoginModule" controlFlag="optional" > <config:options name="ServerName" value="localhost" /> <config:options name="ServerPort" value="6400" /> <config:options name="AuthenticationType" value="secEnterprise" /> </config:authenticationProvider> <config:provider name="com.sybase.security.core.RoleCheckAuthorizer" type="authorizer" /> <config:provider name="com.sybase.security.helpers.EverybodyRoleAuthorizer" type="authorizer" /> ...
See the Unwired Accelerator 8.0 Installation Guide for information about configuring security providers in csi.xml, and for using stacked security providers. See the sections that follow for information about the Business Objects security provider.
Table 4 defines the options that you can use to configure the authentication provider. Enable any of the options by adding the option name and value to csi.xml. You must add new option definitions within the authenticationProvider definition; that is, between the following two lines:
<config:authenticationProvider name="com.sybase.security.businessobject.BOLoginModule"> ... </config:authenticationProvider>
Configuration option |
Default value |
Description |
|---|---|---|
ServerName |
localhost |
The Business Objects CMS server hostname. |
ServerPort |
6400 |
The default Business Objects CMS server port number. |
AuthenticationType |
secEnterprise |
The Business Objects server authentication mechanism. Valid values include: secEnterprise, secLDAP, secWinAD and secWindowsNT. |
Business Objects role-based authorization is accomplished using the core RoleCheckAuthorizer. No Business Objects-specific authorization provider is necessary.
For authenticated user, Business Objects APIs are invoked to return groups to which the user belongs. CSI Business Objects provider relies on user group membership to compute user roles.
