Security Series I - Terms used in LiveCycle User Management


Starting with this post, I will talk about the various authentication features provided by LiveCycle.

To start, let's understand a few terms that are used in this series. The User Management component (henceforth referred to as UM) of LiveCycle handles all security-related items, such as authentication and the management of Users, Groups, Roles, etc. It provides three important services

Domain model

In brief, the following are a few of the important domain objects provided by UM:

  • Principal - The most basic entity in UM is a Principal. You can assign roles or tasks to a Principal. A Principal is extended by User or Group.
  • User - The name says it all. A User can be created locally or it can be synched from an external repository like a Directory Server.
  • Group - A Group represents a set of users or groups. One can assign permissions and roles to a group, which then percolate to the group members. Groups can be nested. They can be created locally or synched from an external repository.

User Types

For authentication purposes we are more concerned with the User. Users can be broadly classified into two types:

  • Local Users - These are users which are created and managed by UM. You can create such users through the AdminUI or through the APIs exposed by the DirectoryManager. These users can only be authenticated through the username/password mechanism.
  • Enterprise Users - These users are synched from an external repository. Their authentication is also handled by an external authentication service like a Directory Server. To create such users you typically create a Domain and synch the users from such external sources.

Again, our focus will be more on such external users. The concepts also apply to local users, in a limited way.

User Attributes

An enterprise user has the following important attributes:

  • userid - This is the user's login identifier. For example, while authenticating using username and password, a user would provide the userid as his username. A user's userid can change.
  • canonicalName - This serves as a user's unique identifier. Refer to this post to understand what constitutes a unique identifier. In brief, this value should NEVER change for a user.
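The nested-group role percolation and the userid/canonicalName split described above, as an added sketch that is not code from the original post and does not use LiveCycle's User Management API. The class names, the `effective_roles` helper, and all sample identifiers and role names are assumptions made for illustration.

```python
# Added illustration: a minimal in-memory model, not LiveCycle's UM API.
from dataclasses import dataclass, field


@dataclass
class Principal:
    canonical_name: str                      # stable identifier, never changes
    roles: set = field(default_factory=set)  # roles assigned directly


@dataclass
class User(Principal):
    userid: str = ""                         # login name, may change


@dataclass
class Group(Principal):
    members: set = field(default_factory=set)  # canonical names of users or groups


def effective_roles(directory, canonical_name):
    """Direct roles plus roles percolated down from every containing group."""
    roles, seen, pending = set(), set(), [canonical_name]
    while pending:
        current = pending.pop()
        if current in seen:          # guards against cyclic group nesting
            continue
        seen.add(current)
        roles |= directory[current].roles
        # Walk upward: a group listing `current` as a member passes its roles on.
        pending += [p.canonical_name for p in directory.values()
                    if isinstance(p, Group) and current in p.members]
    return roles


def build_sample_directory():
    """Constructed sample data; every name and role here is made up."""
    alice = User("cn-0001", {"Form Designer"}, userid="alice")
    staff = Group("cn-g-staff", {"Workspace User"}, members={"cn-0001"})
    everyone = Group("cn-g-all", {"Basic User"}, members={"cn-g-staff"})
    staff.members.add("cn-g-all")    # accidental cycle: the two groups nest each other
    return {p.canonical_name: p for p in (alice, staff, everyone)}


if __name__ == "__main__":
    directory = build_sample_directory()
    print(sorted(effective_roles(directory, "cn-0001")))
    directory["cn-0001"].userid = "alice.smith"           # login name changes
    print(sorted(effective_roles(directory, "cn-0001")))  # same roles as before
```

Because the directory and the group memberships are keyed on the canonical name, renaming the login does not orphan any role assignment, and the `seen` set keeps a mis-nested pair of groups from looping forever.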

SSO

SSO stands for Single Sign On. In LiveCycle, SSO means two things:

  • SSO between End User UI - This is a new feature introduced in ES U1. It means that if you log into one of the LiveCycle applications, like Workspace, Content Services, etc., then you can navigate to any other component's UI seamlessly. For example, if you are in the Content Services UI and click on the Task's link, it should open the Workspace without you providing your credentials again. This is internal to LiveCycle, so as a user you do not have to configure it.
  • SSO within Enterprise - Cannot think of a better phrase. Anyway, it means that if your company already has an SSO solution in place, then LiveCycle can integrate with it. The next few posts in this series will deal with this area only, and we will also discuss the new SPNEGO-based SSO.

This was a brief introduction to UM lingo. The next post will talk about a User's Identity in LiveCycle.


About this Entry

This page contains a single entry by Chetan Mehrotra published on July 23, 2008 9:24 AM.
