pp108 : Configuring OTDS Authenticator

Configuring OTDS Authenticator

This topic describes the procedure to configure an OTDS Authenticator that is used for user interface based authentication.

Before you begin this task:

Before an Authenticator of type OTDS can be used with Process Platform, a resource must be available in OTDS. For more information on creating a resource, see the OTDS documentation. When a Resource for Process Platform is available in OTDS, it can be used to configure an OTDS Resource in Process Platform. For general information on OTDS Resources, see OTDS Resources and Trust; for more information on creating and activating the OTDS Resource in Process Platform, see Managing OTDS Resources.

To create the OTDS Resource in Process Platform, the OTDS Server URL and the Resource ID must be known.

Before proceeding with the steps below, ensure that a Resource for Process Platform is available in OTDS and that a corresponding OTDS Resource has been created and activated in Process Platform.

Process Platform can integrate with different types of external Identity Providers (IdP). You can configure Process Platform with OpenText Directory Service (OTDS), a user authentication product. This integration provides Single Sign-On to the users, which enables them to sign in to OTDS once instead of signing in to each application separately.

You must perform the following tasks to complete the integration process: 

  1. Create a resource in OTDS
  2. Configure and activate an OTDS Resource in the Process Platform

To set up Process Platform to rely on OTDS for its user interface-based authentication, the administrator must create an Authenticator. An Authenticator defines the OTDS Server and Resource to be used for authenticating the users. To create a new Authenticator for OTDS authentication, complete the following steps: 

  1. Click CUSP > My Applications > Security Administration > Authenticators, and do one of the following: 
    • To create an authenticator for all the organizations, click on the Shared Authenticators grid.
    • To create an authenticator for all the users in a specific organization, click on the Organizational Authenticators grid.

    The Authenticator Properties dialog box appears.
  2. Provide a unique identifier for the Authenticator in the ID field. The identifier must be unique for each authenticator.
  3. In the Type list, click OTDS Authenticator.
  4. To mark this authenticator as the default authenticator, select the Default check box. When accessing Process Platform through the browser, a URL pointing to the instance is used. A URL parameter called authID can be used to force the use of a specific authenticator. If the authID URL parameter is not specified, the default authenticator is used.
  5. To test this Authenticator before making it Default, select the Test only check box. The Test Url field displays the URL that is used to access the Process Platform instance with this Authenticator configuration active.
  6. Provide a meaningful description in the Description field.
  7. In the FrameProperties section, do the following: 
    • Select the No Frame check box if you do not want any frame around the Login form.

      Note: This option reloads the page, so the browser context is lost. With this option, users can see the complete URL of the external Identity Provider in the address bar, which helps them trust the page: they can verify that they are on a trusted site before entering their username and password. This is the default and most secure setting.

    • Select the Maximize check box if you want the Login form to be displayed in a maximized frame.
    • If required, modify the Width and Height of the Frame that will display the Login form.
    • You can use the Target Frame field to prevent the display of the complete form when Process Platform Forms are displayed in an external portal. In that case, specify the value CordysRoot as Target Frame. Normally, after the users are authenticated, the complete Form is reloaded. If you specify CordysRoot as Target Frame, the complete form is not displayed; instead, only the part of the portal where the Process Platform Form is displayed is reloaded. Use this setting in combination with the No Frame option enabled. Note that this setting is not needed in combination with Process Experience.
  8. Use the Select Resource button to select the earlier activated OTDS Resource. The Resource configuration is shown.
  9. Specify the Public OTDS login URL if it is different from the OTDS Server URL. The OTDS Server URL is the URL used to access the OTDS server from the internal network.
    Users who are not on the internal network cannot reach the OTDS server through that URL, so specify the publicly accessible URL of OTDS. This Public OTDS login URL is the one used from the browser.
    The value specified in the Public OTDS login URL is used as is, so ensure that a complete login URL is specified. A typical OTDS login URL ends with /otdsws/login.

    Note: Example Public OTDS login URL: https://otds.acme.com/otdsws/login

    If the Public OTDS login URL is empty, the OTDS Server URL extended with /otdsws/login is used.

  10. Click Save.
    Depending on which grid you started from, the OTDS Authenticator is configured and added to either the Shared Authenticators list or the Organizational Authenticators list.

Using the CordysBuiltIn Authenticator
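The URL rules from steps 4 and 9 are small but easy to get wrong, so here is an added example (not part of this documentation or the product) that applies them as a pre-save configuration check: it resolves the effective login URL from the OTDS Server URL and the optional Public OTDS login URL, flags a login URL that is not https or not a complete /otdsws/login URL, and builds an instance URL carrying the authID parameter. The host names are constructed sample values.

```python
from typing import List, Optional
from urllib.parse import urlencode, urlsplit, urlunsplit

LOGIN_PATH = "/otdsws/login"


def resolve_otds_login_url(server_url: str, public_login_url: str = "") -> str:
    """Rule from step 9: a non-empty Public OTDS login URL is used exactly as
    entered; otherwise the OTDS Server URL extended with /otdsws/login is used."""
    if public_login_url.strip():
        return public_login_url.strip()
    return server_url.rstrip("/") + LOGIN_PATH


def check_login_url(url: str) -> List[str]:
    """Return the problems an administrator should fix before saving the
    Authenticator. An empty list means the URL passes these checks."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        # The login form carries credentials, so only TLS is acceptable.
        problems.append("login URL is not https")
    if not parts.netloc:
        problems.append("login URL has no host")
    if not parts.path.endswith(LOGIN_PATH):
        # The value is used as is, so it must already be the complete login URL.
        problems.append("login URL does not end with " + LOGIN_PATH)
    return problems


def process_platform_url(base_url: str, auth_id: Optional[str] = None) -> str:
    """Build the instance URL; with auth_id set, add the authID parameter that
    forces a specific Authenticator (e.g. CordysBuiltIn to bypass the default)."""
    if not auth_id:
        return base_url
    parts = urlsplit(base_url)
    extra = urlencode({"authID": auth_id})
    query = parts.query + "&" + extra if parts.query else extra
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample configuration: internal server URL, public login URL.
    effective = resolve_otds_login_url("https://otds.internal.example", "https://otds.acme.com/otdsws/login")
    print(effective, check_login_url(effective))
    print(process_platform_url("https://www.acme.com/home/myorg/", "CordysBuiltIn"))
```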

If accessing the default OTDS Authenticator results in an unrecoverable error, the Administrator can still log in and correct the configuration using the Process Platform Built-In Authenticator.
To access the CordysBuiltIn Authenticator, use the authID URL parameter with the value CordysBuiltIn. This bypasses any configured default Authenticator and displays the built-in Process Platform login page.
Example:

 https://www.acme.com/home/myorg/?authID=CordysBuiltIn