Configuring OpenText CARS Authenticator for a Service Group |
|
Before you begin this task:
You must have the system administrator or organizational administrator role to perform this task.
This configuration must be done for every service group that needs to handle SOAP requests with WS-Security UsernameToken profile as authentication method.
The OpenText CARSAuthenticator class is explicitly written for user validation against Process Platform Admin Repository Server (OpenText CARS). It supports the WS-Security Username Token profile.
- On CUSP > My Applications , click
(LDAP Explorer). The LDAP Explorer window appears. - Navigate to cordys > <organization> and select the service group that should be configured with OpenText CARS Authenticator. The service group details are displayed.
- Click the
button in the bussoapnodeconfiguration row. The String (xml) - Edit XML for string window appears. - Add the authenticator node by copying the following text inside the <configuration> tag.
<authenticator implementation="com.eibus.security.authentication.OpenText CARSAuthenticator"/>
- Click
to save your changes. - Restart the service as follows:
- On CUSP > My Applications , click
(System Resource Manager). The System Resource Manager window appears. - Right-click <service container> and click Restart.
- On CUSP > My Applications , click
- If you want to adjust the expiry timeframe for user name tokens containing a creation timestamp, set the property
bus.identity.wsusername.expirytimein wcp.properties.
The service group is now configured so that it can handle SOAP requests using the WS-Security Username Token profile for user authentication.
When Process Platform Authentication is being used, usually only the Single Sign-on Service Group needs to configured regarding authentication, since all other service groups are accessed with a SAML assertion in the header instead of the user name token. The Single Sign-on Service Group by default has support for WS-Security Username Token profile.