Authentication Plugins |
|
Authentication of the WS-Security user name token profile happens at service group level. Before a SOAP request is processed, the WS-Security user name token is processed and authenticated with an authentication plugin.
The responsibility of the authentication plugin is to check the given credentials against an authentication backend. Examples of authentication back-end(s) are: SQL databases, LDAP directories, PAM,and so on.
By default, every service group uses an authentication plugin that authenticates against Process Platform LDAP. The default plugins provided with Process Platform are:
- Standard Authenticator
- OpenText CARS Authenticator
- LDAP Authenticator
You can choose to write custom authentication plugins.
Writing a Custom Authentication Plugin
If you want to let service groups authenticate against an external backend, you can write a custom authentication plugin. The procedure to write this custom authentication plugin is described in Writing an Authentication Plugin.
It is important to correctly install the authentication plugin in every service group that must authenticate against the plugin.
Installing an Authentication Plugin
If you have an authentication plugin and you want service groups to authenticate using that plugin, you must install the plugin and configure the service group to use the plugin.
Remember that the Single Sign-On component is a service group and needs to be configured the same way.
The procedure to install a custom authentication plugin is described in Installing an Authentication Plugin.