This section describes how to set up Community to produce the SecurityInfo string for you automatically.
You configure the Community component in the IDOL Server configuration file. You must set up the user security type for the Community component in a similar way to the one that you set up for the Content component. For example:
[UserSecurity] DefaultSecurityType=0 DocumentSecurity=True ... 6=NT ... [NT] CaseSensitiveUserNames=False CaseSensitiveGroupNames=False // Authentication Library=C:\IDOLServer/IDOL/modules/user_ntsecurity EnableLogging=True // Group server DocumentSecurity=True V4=True GroupServerHost=127.0.0.1 GroupServerPort=3057 GroupServerPrefixDomain=True SecurityFieldCSVs=username,domain Domain=DOMAIN DocumentSecurityType=NT_V4
The DocumentSecurityType parameter links the [NT] security string section to the IDOL Server security type.
The GroupServerHost and GroupServerPort parameters configure the Community component to collect group membership information from your OmniGroupServer.
You might also need to add the GroupServerPrefixDomain and Domain parameters, depending on how the groups appear in your OmniGroupServer. When OmniGroupServer checks group membership, it uses exact string matches. If the group information in OmniGroupServer contains a domain prefix and the request from the Community component does not, use GroupServerPrefixDomain and Domain to ensure that OmniGroupServer uses the correct domain prefix.
You can see the actions that OmniGroupServer receives by looking at the request log:
http://localhost:3057/action=grl
As an alternative to running the grl action, you can use the Logs page in the Monitor section of IDOL Admin to view the Request log.
The Community component does not send any requests until you add a user and request the security info string.
To add a user, use the UserAdd action (for more information, refer to the IDOL Server Reference).
After you have added the user, you can retrieve the SecurityInfo string by sending the UserRead action for that user with the SecurityInfo parameter set to True.
As an alternative to running actions, you can use the Users page in the Control section of IDOL Admin to set up and manage users.
To troubleshoot issues with the security information, you can use the UserDecryptSecurityInfo action to decrypt a security string, for example to check that it contains the right permissions and restrictions.
You can configure SecurityInfo tokens to expire after a particular time, by using the SecurityTokenLifetime configuration parameter. This parameter specifies the total lifetime of the token, after which a user must request a new token (for example, by logging in to an application again).
You can also configure SecurityTokenIdleTime and SecurityTokenRefreshInterval to expire tokens when a user becomes inactive. When you set these parameters, Community can refresh a token that is close to expiration, up to the configured SecurityTokenLifetime. The token also expires if the user does not send any requests before the specified SecurityTokenIdleTime.
|
|