In SMAPI, the ProxyAuthenticationInfoManagement interface provides methods to read, update, and delete proxy authentication information for any asset.
SMAPI method changes
In Enterprise Security version 6.0, the permissions required
to run SMAPI methods have changed. Table 5-26 describes the permissions
required to run the ProxyAuthenticationInfoManagement interface
methods.
All the SMAPI interfaces have been modified to use the object ID, instead of the DN, as the primary key. Methods still accept a DN to maintain backward compatibility, but performance improves if you use the object ID.
To view the SMAPI documentation, open a browser, and access docs/html/index.html in your Enterprise Security installation; then, select the com.sybase.ep.security.management package.
When building a single-sign on solution, an application that is designed to retrieve a user’s proxy authentication information (also called credentials) uses the PortalSession.findProxyAuthenticationInfo method. This method accepts the asset’s DN as a parameter and returns the user’s credentials if the user has read permissions for the specified asset. The user must have read permission for the method to return the user’s credentials.
findProxyAuthorization method
The findProxyAuthorization method is supported
for backward compatibility but is being replaced by the findProxyAuthenticationInfo method,
which accepts an asset DN or a unique asset name. If the asset name
is specified instead of the DN and the asset name is not unique,
an ObjectNotFoundException is thrown. For more
information, see the Javadocs in the docs/html/index.html directory
of your Enterprise Security installation.
The findProxyAuthenticationInfo method searches for credentials in this order:
User-based
Role-based
Asset-based
The search for user credentials stops as soon as the first set of credentials is found. For example, the methods search for user-based credentials first. If user-based credentials are not found, the methods then search for role-based credentials, and so on. If, however, user-based credentials are found, the search stops and the methods do not search for role- or asset-based credentials. You cannot use the PortalSession bean to modify the credentials.
If the user does not have read permission on the specified asset, no proxy authentication information is returned.
