Security Series I – Terms used in LiveCycle User Management

Starting with this post I would talk about various Authentication features provided by LiveCycle.

To start, lets understand few terms that are used as part of this series. The User Management component (henceforth referred as UM) of LiveCycle handles all the security related items like handling authentication, managing Users, Groups , Roles etc. It provides three important services

* “AuthenticationManager”:http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/javadoc/com/adobe/idp/um/api/AuthenticationManager.html – Provides the authentication related methods.
* “AuthorizationManager”:http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/javadoc/com/adobe/idp/um/api/AuthorizationManager.html – Provides methods for determining access and authorization.
* “DirectoryManager”:http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/javadoc/com/adobe/idp/um/api/DirectoryManager.html – Provides methods to query the UM domain model. Also provides methods to create, update, search User, Roles etc

h4. Domain model

In brief following are few of the important domain objects provided by UM

* “Principal”:http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/javadoc/com/adobe/idp/um/api/infomodel/Principal.html – The most basic entity in UM is a Principal. You can assign Roles to a Principal or assign task. A Principal is extended by User or Group
* “User”:http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/javadoc/com/adobe/idp/um/api/infomodel/User.html – The name says it all. An User can be created locally or it can be synched from an external repository like Directory Server.
* “Group”:http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/javadoc/com/adobe/idp/um/api/infomodel/Group.html – A Group represent a set of users or groups. One can assign permission, roles to a group which then get percolated to the group members. Groups can be nested. They can be created locally or synched from an external repository.

h4. User Types

For authentication purpose we are more concerned with User. User’s can be broadly classified in two ways

* _Local User_ – These are user’s which are created and managed by UM. You can create such user’s through the AdminUI or through apis exposed by the “DirectoryManager”:http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/javadoc/com/adobe/idp/um/api/DirectoryManager.html. These users can only be authenticated through username/password mechanism
* _Enterprise Users_ – These user’s are synched from an external repository. There authentication is also handled by an external authentication service like a __Directory Server__. For creating such user you typically create a Domain and __synch__ the users from such external sources

Again our focus would be more on such external users. The concepts would also apply to the local users also (in a limited way)

h4. User Attributes

An enterprise user has following important attributes

* _userid_ – This is the user’s login identifier. Say while authenticating using username and password a user would provide the userid as his username. A user’s userid can change
* _canonicalName_ – This serves as a user’s unique identifier. Refer to “this”:http://blogs.adobe.com/livecycle/2008/06/what_is_dn_and_what_is_the_not_1.html post to understand what constitute as unique identifier. In brief this value should NEVER change for a user

h4. SSO

SSO stands for Single Sign On. In LiveCycle SSO means two things

* SSO between End User UI – This is a new feature introduced in ES U1. It means that if you log into one of the LiveCycle application like Workspace, Content Services etc then you can navigate to any other component’s ui seamlessly. Say if you are in Content Services UI and click on Task’s link then it should open the workspace without you providing your credentials again. This is something which is internal to LiveCycle so as a user you would not have to configure it

* SSO within Enterprise – Cannot think of a better phrase. Anyway it means that if your company already has a SSO solution in place then LiveCycle can integrate with that. Next few post in this series would deal with this area only and we would also discuss about the new SPNEGO based SSO

This was in brief a small introduction to UM lingo. The next post would talk about Users Identity in LiveCycle

VN:F [1.9.22_1171]
Was this helpful? Please rate the content.
Rating: 0.0/10 (0 votes cast)
This entry was posted in Adobe LiveCycle ES. Bookmark the permalink.

One Response to Security Series I – Terms used in LiveCycle User Management

  1. Marj says:

    Hello,
    Do you have an idea if its possible to create a 4 different livecycle account using just one email address? This is for a SSO connection.

    Regards,
    Marj