CWS authentication to CS through OTDS

Hi,

Is there any technical note or detailed explanation about how Content Web Services authentication to Content Server works when it's controlled by OTDS.

Thanks - Jordi

Find more posts tagged with

Comments

eLink User

Does the example from OT not make sense,I see they have an example that says if OTDS is being used then your authentication is from the OTDS server?

I have a feeling that you want to trap the domain authentication(Traditional SSO),in other word you want your application to run without providing a userid/password

Is that your qn?

..appu appnair appunair

Well, if I called the wrongnumber, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937

On Thu, May 21, 2015 at 7:31 AM, eLink Entry: Content Server Development Forum <development@elinkkc.opentext.com> wrote:

CWS authentication to CS through OTDS Posted byjmasip@indra.es (Masip, Jordi)On 05/21/2015 08:26 AM

Hi,Is there any technical note or detailed explanation about how Content Web Services authentication to Content Server works when it's controlled by OTDS.Thanks - Jordi
[To post a comment, use the normal reply function]
Forum: Content Server Development Forum
Content Server: Knowledge Center

Jordi Masip

Yes, it is. Sorry I didn't explain well enough.

Actually we have CS10.5 in Linux environment assuring SSO when people access CS through browser and developed programs interact with CS through Webservices (CWS). No problem at this level. My question was related with the possibility of adding OTDS in this scenario.

Access through browser -> We tested OTDS integration and access to CS is guaranted using network user. However I would like to know how we can avoid that OTDS login page would be displayed in this case when CS URL is used.

Access through CWS -> We have a framework that verifies user identity through installed security system (CAS) when a user request arrives managing corresponding ticketing system. Finally a ticket from CS is obtained when authorization CWS is called in order to be able of performing other actions in CS through other CWS. My question is related with trying to understand how this scenario changes when OTDS is included and authentication is controlled through it. Authentication CWS call would be the same as when CS was accessed previously without OTDS? (Returned ticket in this call would be different, wouldn't it?). Moreover I ask myself if actual user identity trusting system built through our framework could be simplified now.

Thanks in advance - Jordi

eLink User

I find this Document a really good one by OT.It is very long and verbose and it is written for integrating every known integration to OT Livelink.Simply put livelink authentication relies on either internal livelink auth (userid+password) or thru a vetted system(Externally Authenticated=true)

Awesome read

https://knowledge.opentext.com/knowledge/cs.dll?func=ll&objaction=overview&objid=50175085

When I connected my livelink servers to OTDS and made sure I was not using IWA can't remember if it was anonymous.I saw a OTDS redirect with a ?RFA and the livelink URL in a websecaped fashion.I think the RFA is my kerberos token that is present after I have logged in to my domain.Now OTDS will do what it needs to do(talk with AD,LDAP) etc and return the token to livelink,livelink inspects it and says if he/she is External I would allow you in.

The other instance I had to do was when I was integrating a SAPnetweaver user into livelink,this revolved aroung MYSAPSSO2 cookie decryption and OTDS was not around at that time.I had two OT applications that needed to be integrated.IIS (Livelink was very easy no coding needed just configuration) but another product(Artesia,DAM,Java code base) we had to create our own implementation.I see that OTDS has the same MYSAPSSO2 decryption mechanisms now.

If you are looking for simple IWA/NTLM authentication at the webserver and passing down REMOTE_USER to the livelink app whether gui or CWS that also is possible,I do not know how to get that all working if OTDS was really the gatekeeper.

Perhaps Mark Simm can guide you correctly or Chris Wagg ,they are my goto guys for anything authentication wise.Ask through a ticket they will help.

..appu appnair appunair

Well, if I called the wrongnumber, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937

On Thu, May 21, 2015 at 9:50 AM, eLink Entry: Content Server Development Forum <development@elinkkc.opentext.com> wrote:

CWS authentication to CS through OTDS Posted byjmasip@indra.es (Masip, Jordi)On 05/21/2015 10:43 AM

Yes, it is. Sorry I didn't explain well enough.Actually we have CS10.5 in Linux environment assuring SSO when people access CS through browser and developed programs interact with CS through Webservices (CWS). No problem at this level. My question was related with the possibility of adding OTDS in this scenario.Access through browser -> We tested OTDS integration and access to CS is guaranted using network user. However I would like to know how we can avoid that OTDS login page would be displayed in this case when CS URL is used.Access through CWS -> We have a framework that verifies user identity through installed security system (CAS) when a user request arrives managing corresponding ticketing system. Finally a ticket from CS is obtained when authorization CWS is called in order to be able of performing other actions in CS through other CWS. My question is related with trying to understand how this scenario changes when OTDS is included and authentication is controlled through it. Authentication CWS call would be the same as when CS was accessed previously without OTDS? (Returned ticket in this call would be different, wouldn't it?). Moreover I ask myself if actual user identity trusting system built through our framework could be simplified now.Thanks in advance - Jordi
[To post a comment, use the normal reply function]
Topic: CWS authentication to CS through OTDS
Forum: Content Server Development Forum
Content Server: Knowledge Center

Jordi Masip

Thanks