Security Framework Guide

Configuration Parameters

Before you use the security framework, you must set the configuration parameters for the security provider. The configuration parameters vary based on the security provider, which can be a database, LDAP, or Active Directory.

Configuration Parameters for LDAP

The following table describes all the configuration parameters that LDAP requires:
Parameter | Description
URL | The LDAP server address for authentication and authorization.
AUTH_MECHANISM | The authentication mechanism for the LDAP server.
SYSTEM_ACCOUNT | System account for the LDAP server.
SYSTEM_PASSWORD | Password for the system account.
HASH_ALGORITHM_TYPE | Hash algorithm used for storing the user passwords.
USER_DN | Distinguished name for the user entity.
USER_ATTRIBUTE_ID | Unique attribute ID for the user.
USER_QUERY | LDAP query for retrieving a particular user.
USER_OBJECT_CLASSES | Object classes for the User entity.
ROLE_DN | Distinguished name for the role entity.
ROLE_ATTRIBUTE_ID | Unique attribute ID for the role.
RESOURCE_DN | Distinguished name for the resources entity.
RESOURCE_ATTRIBUTE_ID | Unique attribute ID for the resources.
PRIVILEGE_DN | Distinguished name for the privileges entity.
PRIVILEGE_ATTRIBUTE_ID | Unique attribute ID for the privileges.
PERMISSION_DN | Distinguished name for the permissions entity.
PERMISSION_ATTRIBUTE_ID | Unique attribute ID for the permissions.
USERS_GROUP_DN | Distinguished name for the users group entity.
USERS_GROUP_ATTRIBUTE_ID | Unique attribute ID for the users group.
CACHE_MANAGER_CONF_FILE | Path to the cache manager file. The cache is used for performance and session storage.
ACTIVE_SESSION_CACHE_NAME | Name of the cache.
ENABLE_AUTORIZATION_CACHE | Enable or disable the cache for authorization information.
SESSION_TIME_OUT | Timeout value for the session; after this time the user session expires.
REMEMBER_ME | Remember user credentials.

Configuration Parameters for Active Directory

Before you configure the parameters for Active Directory, create two security groups named IDD_ADMIN and IDD_APP_USER in Active Directory. The IDD_ADMIN role has administrator privileges with which you can deploy an Informatica Data Director application. The IDD_APP_USER role has user privileges with which you can access a deployed Informatica Data Director application. You must assign the IDD_ADMIN and IDD_APP_USER roles to the appropriate users based on your requirements.
The following table describes all the configuration parameters that Active Directory requires:
Parameter | Description
URL | The Active Directory server address for authentication and authorization.
AUTH_MECHANISM | The authentication mechanism for the Active Directory server.
SYSTEM_ACCOUNT | System account for the Active Directory server.
SYSTEM_PASSWORD | Password for the system account.
HASH_ALGORITHM_TYPE | Hash algorithm used for storing the user passwords.
USER_DN | Distinguished name for the user entity.
USER_ATTRIBUTE_ID | Unique attribute ID for the user.
USER_QUERY | Active Directory query for retrieving a particular user.
USER_OBJECT_CLASSES | Object classes for the User entity.
ROLE_DN | Distinguished name for the role entity.
ROLE_ATTRIBUTE_ID | Reserved for future use. Do not remove the parameter.
RESOURCE_DN | Reserved for future use. Do not remove the parameter.
RESOURCE_ATTRIBUTE_ID | Reserved for future use. Do not remove the parameter.
PRIVILEGE_DN | Reserved for future use. Do not remove the parameter.
PRIVILEGE_ATTRIBUTE_ID | Reserved for future use. Do not remove the parameter.
PERMISSION_DN | Reserved for future use. Do not remove the parameter.
PERMISSION_ATTRIBUTE_ID | Reserved for future use. Do not remove the parameter.
USERS_GROUP_DN | Reserved for future use. Do not remove the parameter.
USERS_GROUP_ATTRIBUTE_ID | Reserved for future use. Do not remove the parameter.
CACHE_MANAGER_CONF_FILE | Path to the cache manager file. The cache is used for performance and session storage.
ACTIVE_SESSION_CACHE_NAME | Name of the cache.
ENABLE_AUTORIZATION_CACHE | Enable or disable the cache for authorization information.
SESSION_TIME_OUT | Timeout value for the session; after this time the user session expires.
REMEMBER_ME | Remember user credentials.
ADS_GROUPS_TO_ROLES_MAP | Name of the map that defines the domain names for the IDD_ADMIN and IDD_APP_USER roles.

You can use client tools, such as ldp.exe or an Eclipse plug-in, to browse Active Directory and view the domain names of the roles. For example:

    <ProviderMapProperties>
      <Map name="ADS_GROUPS_TO_ROLES_MAP">
        <Property name="CN=IDD_ADMIN,CN=Builtin,DC=infatest,DC=local">IDD_ADMIN</Property>
        <Property name="CN=IDD_APP_USER,CN=Builtin,DC=infatest,DC=local">IDD_APP_USER</Property>
      </Map>
    </ProviderMapProperties>
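As an added illustration of how such a map is consumed (example code written for this page, not part of the guide or the product), the following Python parses a ProviderMapProperties map and resolves the group DNs from a user's memberOf attribute to the IDD_ADMIN and IDD_APP_USER roles. DNs are normalised before comparison because Active Directory compares them case-insensitively, and only a full-DN match grants a role, so a group that merely shares the name IDD_ADMIN in another container does not. The sample XML and memberOf values are constructed and reuse the placeholder domain from the example above.

```python
import re
from xml.etree import ElementTree as ET

# Constructed sample map in the ProviderMapProperties format shown above.
# infatest.local is a placeholder domain, not a real directory.
SAMPLE_MAP_XML = """
<ProviderMapProperties>
  <Map name="ADS_GROUPS_TO_ROLES_MAP">
    <Property name="CN=IDD_ADMIN,CN=Builtin,DC=infatest,DC=local">IDD_ADMIN</Property>
    <Property name="CN=IDD_APP_USER,CN=Builtin,DC=infatest,DC=local">IDD_APP_USER</Property>
  </Map>
</ProviderMapProperties>
"""


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN for comparison. Active Directory matches DNs
    case-insensitively and ignores whitespace around RDN separators, so
    'cn=idd_admin, CN=Builtin, ...' must equal the configured key."""
    parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def load_group_role_map(xml_text: str, map_name: str = "ADS_GROUPS_TO_ROLES_MAP") -> dict:
    """Parse the <Map> with the given name; return {normalised group DN: role}."""
    root = ET.fromstring(xml_text.strip())
    mapping = {}
    for m in root.findall("Map"):
        if m.get("name") != map_name:
            continue
        for prop in m.findall("Property"):
            mapping[normalize_dn(prop.get("name"))] = prop.text.strip()
    return mapping


def roles_for_user(member_of: list, group_role_map: dict) -> set:
    """Resolve a user's memberOf DNs to framework roles. Only an exact match on
    the normalised full DN grants a role; a group whose CN is IDD_ADMIN but which
    lives in another container is ignored, which is the safe (fail-closed) outcome."""
    roles = set()
    for group_dn in member_of:
        role = group_role_map.get(normalize_dn(group_dn))
        if role is not None:
            roles.add(role)
    return roles
```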

Configuration Parameters for a Database Security Provider

The following table describes all the configuration parameters that a database security provider requires:
Option | Description
DB_TYPE | Type of the database.
DB_SERVER_NAME | Address of the database server.
DB_SERVER_PORT | Port on which clients connect to the database server.
DB_NETWORK_PROTOCOL | Network protocol for the database connection. Required for Oracle.
DB_DRIVER_TYPE | Driver type for the JDBC connection. For Oracle, the value is 'thin'.
DB_SERVICE_NAME | Service name. Required when the database is Oracle.
DB_USER | Database user that has administrative rights on the database.
DB_PASSWORD | Password of the database user.
DB_DATABASE_NAME | Name of the database.
HASH_ALGORITHM_TYPE | Hash algorithm used for storing the user passwords.
ENABLE_PERMISSION_LOOKUP | Enable or disable permission lookup.
AUTHENTICATION_QUERY | SQL query that performs authentication.
USER_ROLE_QUERY | SQL query that retrieves the roles for a particular user.
PERMISSION_QUERY | SQL query that retrieves permission details.
CACHE_MANAGER_CONF_FILE | Path to the cache manager file. The cache is used for performance and session storage.
ACTIVE_SESSION_CACHE_NAME | Name of the cache.
ENABLE_AUTORIZATION_CACHE | Enable or disable the cache for authorization information.
SESSION_TIME_OUT | Timeout value for the session; after this time the user session expires.
REMEMBER_ME | Remember user credentials.
