This section illustrates how to use the security proxy personalization adapter by creating single-sign-on access to a back-end accounting system.
Create an asset in Enterprise Security that logically represents the back-end application to which you want to construct single sign-on access, then create a personalization key for the security proxy adapter.
Creating a new security asset
Log in to Web Studio as a user with LIST, READ, and UPDATE permissions on the AssetCtrlAsset; for example, log in as the PSO with the “pso” user name and the “123qwe” password.
When the Web Studio main window displays, select Administer | Organizations.
Select Assets in the Organization Manager menu, then click New.
When the Create New Asset window displays, enter or select:
Asset Name – a name for the asset. For example, “Accounting”. You could also enter the actual name of the back-end accounting system.
Asset Type – select either Unspecified or URL.
Access controls for ProxyAuthInfo attached to assets check whether the user has LIST, READ, and UPDATE permissions on the asset. To grant those permissions, you must choose an asset type that has at least these three permissions associated with it, as the Unspecified and URL types do. Do not use the assets whose names are prefixed with “EP”, which do not have those permissions.
Description – a text description for the asset.
Click OK.
Granting permissions on the new asset
Before anybody can associate their own personal ProxyAuthenticationInfo objects with an asset, they must have LIST, READ, and UPDATE permission on that asset.
In Web Studio, select Administer | Organizations if it is not already selected.
Select Assets from the Organization Manager menu, then right-click the newly created asset and select Manage Access Permission.
When the Manage Access Permission on Asset window displays, grant:
LIST and UPDATE permission to studio administrators who need to create asset-level proxy authentication autofill adapter keys on the asset.
READ permission to everyone who should have SSO access into the target (accounting) system.
You can grant the READ permission through one or more roles. Before any user can create their own ProxyAuthenticationInfo for this asset in Portal Interface (using MyInfo | Personalize), they must have a role with READ permission.
Click OK.
Copying the asset’s distinguished name
Copy the asset’s distinguished name (DN) so you can paste it into a dialog box when you create the autofill keys.
Click the new asset in the Organization Manager right pane and click Edit. The full Asset DN is shown in the New Asset dialog box.
Highlight the Asset DN and press Ctrl+C on your keyboard or right-click and select Copy. You must know the full DN when you create autofill keys for this asset—the key names include the full DN.
You can change the Asset DN to anything you want as long as it is a unique asset name across all assets in the Enterprise Security Access Control Database (ACDB). For example, the original DN might have been:
a1=Accounting,dc=sybase,dc=com
which you can change to a simpler:
Accounting
Sybase recommends that you shorten the DN so administrators and portal users can more easily understand the key’s purpose.
Creating the personalization key
The security proxy adapter administrative implementation is based on asset-level ProxyAuthenticationInfo definitions. This ensures that any Web Studio user can view ProxyAuthenticationInfo personalization keys as they configure portlet parameters; that is, anyone with READ permission on an asset can access the asset-level ProxyAuthenticationInfo.
In Web Studio, select Manage | Personalize from the left pane.
Select Security Proxy from the Personalize Manager Adapters menu, then click New.
When the Create New Key window displays, enter or select:
Name – the name of the asset for which you are creating the ProxyAuthenticationInfo key. If the asset’s common name is unique within Enterprise Security, that is sufficient. If the asset’s common name is not unique, you must enter the asset’s complete distinguished name. For our example, put your cursor in the field and press Ctrl+V to paste in the full DN that you copied from the Edit Asset dialog box.
Type, Permission, Description – these values are ignored.
Click OK. The personalization adapter creates an asset-level ProxyAuthenticationInfo key on the asset.
When the message displays that the personalization key was saved successfully, click OK.
When you create a ProxyAuthenticationInfo key, the portal generates three personalization keys—user name, password, and URL.
In the Key Name column you see three new keys created for this adapter; for example:
password/a1=Accounting,dc=sybase,dc=com
URL/a1=Accounting,dc=sybase,dc=com
userid/a1=Accounting,dc=sybase,dc=com
There are three keys generated from the one asset name you entered in the Create New Key window. These keys correspond to the three attributes of the PAI. These keys are marked READ ONLY because you cannot modify the key name—the name is tightly associated with the asset to which the ProxyAuthenticationInfo key is attached.
WARNING! If you have UPDATE permission, do not select one of these keys and then select Delete. This action destroys the ProxyAuthenticationInfo key along with the three associated keys.
You cannot use Manage | Personalize to edit key values. However, you can use SMAPI ProxyAuthenticationInfoManagement beans to modify the values.
Using the ProxyAuthenticationInfo personalization keys
In Web Studio, select Build | Portlets.
Right-click anywhere in the Portlet Manager detail view and select New Aggregated Portlet.
When the Portlet Builder displays, click the down arrow to the right of the Add button and select JSP Element.
This example uses the JSP element, but any element type that uses CGI parameters (Web, database, Web service) can be used with the personalization autofill keys.
The JSP Element Definition window displays. For example, select Use Web Application and fill in the name of your WAR file. Add a Web App Display Name and the Initial Resource (the JSP page that initially displays).
Enter input parameters using this format:
parametername=X&parametername=Y&parametername=Z
where parametername is the actual name to display for each parameter. For example:
URL=X&USERNAME=Y&PASSWORD=Z
The X, Y, and Z are default input values and can be anything. The “&” separates each parameter definition.
Click Next when you are satisfied with your entries.
On the Finish window, enter the Element name, then click Finish.
Select the Configure option for each parameter that you want to configure.
Click Next. You see the Setup Configuration window.
You can reorder parameters, enter defaults, and perform other functions.
Enter Setup Description HTML – enter a description to appear above the parameters in the portlet.
Position – use the up and down arrows to reorder the parameters.
Display Name – the name entered for the parameter. Set the Display Type to None to hide parameters.
Default Value – the default value entered when you created the parameters during portlet creation. You can change these values here to any value to automatically populate the input field. If you leave the field blank, “Default” displays here.
Display Type – select the input field type: Text Field, Password, Text Area, None.
If the display type of a password parameter is not Password, the actual password displays in preview windows, and so on. When you select the Password display type, you see only ******** displayed.
Also, password autofill keys are available from the Key drop-down list only when the Display Type for a parameter is set to Password. For example, the password/accounting key would not be available in the Key list for URL or user name because their Display Type is not Password.
Personalize – select the adapter you want to use. For example, Security Proxy. Once you select an adapter, the available keys for that adapter display in the Key drop-down list.
Key – select a method to specify the parameter within the Auto-fill adapter to submit to the portlet.
Required – select whether the user must provide input for this parameter.
Click Next. You see the Setup Preview window with a preview of the portlet and parameters.
Click Save. You return to the Portlet Builder.
Click Save to save the portlet.
When the Finish window displays, complete the options, then click Finish.
Click Close to exit the Portlet Builder.
When you return to the Portlet Manager, select New from the Status menu, right-click the new portlet, and select Approval Status | Approved.
Now you can add the portlet to a page and page group and update Portal Interface.
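The following review script is an added example, not part of the Sybase product or its documentation. It checks a portlet's parameter setup against the rules described above: the three key names generated per asset, the input parameter format, and the Password display type for password keys. The `bindings` dictionary is a hypothetical hand-written record of the Setup Configuration window, and all sample values are constructed.

```python
from urllib.parse import parse_qsl

PAI_ATTRIBUTES = ("userid", "password", "URL")  # key prefixes shown on the page


def pai_key_names(asset_name):
    """The three key names generated for one asset name or DN."""
    return [f"{attr}/{asset_name}" for attr in PAI_ATTRIBUTES]


def audit_bindings(definition, bindings, asset_name):
    """Return a list of findings for one portlet's parameter setup.

    definition: input parameters string, e.g. 'URL=X&USERNAME=Y&PASSWORD=Z'
    bindings:   hypothetical dict, parameter name -> {'display_type', 'key'}
    """
    valid_keys = set(pai_key_names(asset_name))
    findings = []
    for name, default in parse_qsl(definition, keep_blank_values=True):
        setup = bindings.get(name) or {}
        key = setup.get("key")
        display = setup.get("display_type", "Text Field")
        if not key:
            findings.append(f"{name}: no autofill key bound, default '{default}' is used")
        elif key not in valid_keys:
            findings.append(f"{name}: key '{key}' does not belong to asset '{asset_name}'")
        elif key.startswith("password/") and display != "Password":
            findings.append(f"{name}: password key with display type '{display}' "
                            "shows the value in previews")
    return findings


# Constructed sample data (assumption: setup recorded by hand from Web Studio).
DN = "a1=Accounting,dc=sybase,dc=com"
DEFINITION = "URL=X&USERNAME=Y&PASSWORD=Z"
GOOD = {
    "URL": {"display_type": "None", "key": f"URL/{DN}"},
    "USERNAME": {"display_type": "Text Field", "key": f"userid/{DN}"},
    "PASSWORD": {"display_type": "Password", "key": f"password/{DN}"},
}
BAD = {
    "URL": {"display_type": "None", "key": "URL/a1=Payroll,dc=sybase,dc=com"},
    "USERNAME": {"display_type": "Text Field", "key": None},
    "PASSWORD": {"display_type": "Text Field", "key": f"password/{DN}"},
}

if __name__ == "__main__":
    for label, setup in (("good", GOOD), ("bad", BAD)):
        print(label, audit_bindings(DEFINITION, setup, DN))
```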
Copyright © 2004. Sybase Inc. All rights reserved.