Unwired Accelerator is integrated with Common Security Infrastructure (CSI) and leverages CSI 2.5 to perform security tasks such as authentication, authorization, and auditing. For information about auditing, see the Unwired Accelerator Administration Guide.
CSI uses the Java Authentication and Authorization Services (JAAS) model so that UA can integrate with different security providers without requiring you to update code.
The CSI configuration file, csi.xml, is located in the $UA80/tomcat/conf directory. You can configure this file to specify which security providers to use. You can also configure several security providers, stacked together, to meet your security requirements.
A CSI realm is an abstract interface to security information such as user names, passwords, and role membership. When a user logs in to Unwired Accelerator, the user’s name and password are verified against the data server, and if valid, role information is retrieved to provide Tomcat with a list of the user’s roles.
You can use various options to require either one or more authenticators, and you can also control the order in which they are called. You can also specify whether, after authenticating to LDAP, user roles are pulled from PortalDB, or if the roles come only from LDAP. If you authenticate only to LDAP, you get roles only from LDAP.
You can also configure CSI to perform mutual certificate authentication, or 2-factor Remote Authentication Dial-In User Service (RADIUS) authentication, for example by using a PIN from a Smartcard.
For development, you may want to use the preconfigured
PortalDB provider, as it can simplify debugging.
