Very helpful Doug. We are in the very first steps os a Single Sign On project. I summarize the steps:
1. The user pass through a web site where the user is validated, this web site get the user login and generate a token for the session. 2. The user pass then to the Midtier, and here will be a piece that get the login, session token and other parameters from the session. This step is transparent for the user. 3. The login and the token are sent (via UserCredential object) to arsystem where we’ll have the SSO plugin. 4. The SSO plugin takes the login and the token and validate both. 5. If the user not exists or the token is not validated the plugin SSO return an “KO” and the login page is showed. I guess, the way for send the token is through the "authString" parameter of the UserCredential object, does it? Is it the correct way to do this?? Thank you very much. Sergio Feito. 2013/11/27 Mueller, Doug <[email protected]> > ** > > Sergio, > > > > What you are attempting is actually the most common use of AREA – using > the AREA plugin for > > authentication but having the Authorization from the User form. > > > > All of the extra fields – groups, notification methods, email address – of > the AREA return are optional. If they > > are not supplied, the system should take the yes/no about authentication > to tell if the user is valid and then > > look up the other data from the User form. > > > > Take a look at the documentation page > > > > https://docs.bmc.com/docs/display/ars81/AREA+API+data+structure > > > > It talks about the return structure of the AREA call and the fact that if > values returned are NULL, it will cross > > reference the user form for the information. You can supply some values > and not others or no values for > > anything and have everything other than authentication be from the user > form. > > > > Note that you need to have the cross reference blank password setting > configured to cause AREA to look at > > the user form after authentication. > > > > I hope this is helpful, > > > > Doug Mueller > > > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Sergio Feito > *Sent:* Monday, November 25, 2013 8:54 AM > *To:* [email protected] > *Subject:* area plugin authorization issue > > > > ** > > > > Hi. > > > > I'm trying to develop an area plugin in java in an ARS 8.1. The > authentication works fine but not the authorization (licenses and groups). > The user log into the system and exists in the User form but doesn't take > licenses or group list from the User form. > > > > I want to make the users are assigned the license type, app licenses, > group list etc... specified in the User form instead setting this > parameters as a constant in the plugin. > > > > Is there any way to do this?? > > > > Best regards > > Sergio Feito. > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
