Security for Third-Party Interfaces

You can set up security for a third-party interface, and use IDOL Server to ensure that result documents are displayed only to people who have the appropriate privileges.

To set up security for a third-party interface

  1. In the IDOL Server configuration file, create the user security types for the repositories from which data is indexed (see Configure User Security). If you want IDOL Server to perform authentication, you must include a security type that specifies the security library that IDOL Server uses for authentication.

  2. In the front-end application, define the user’s security details for the user security types you have set up in IDOL Server. You can do this by creating the user in IDOL Server using the UserAdd action, and specifying the user’s security details for the repositories. For example:

    http://localhost:9000/action=UserAdd
                            &UserName=JSmith
                            &Password=secret123
                            &SecurityNTUserusername=JohnS
                            &SecurityNTUserDomain=MyCompany

    This defines a user whose Autonomy user name and password are JSmith and secret123, and whose user name and domain are JohnS and MyCompany in the repository for which the NTUser section sets up security.

    Refer to the IDOL Server Reference for full details of how to use actions to define and edit users in IDOL Server.

  3. When a user logs on to the system, your front-end application must communicate with IDOL Server to retrieve an encrypted string that contains the user’s security details for your repositories.

    Send a UserRead action to IDOL Server, with the SecurityInfo action parameter set to true. You must include the user’s user name and password for the repository that IDOL Server authenticates against. You must also include the domain if you are authenticating against an NT repository. For example:

    http://localhost:9000/action=UserRead
                            &UserName=JSmith
                            &Password=secret123
                            &SecurityInfo=true

    If the CheckEntitlement configuration parameter is set to true, the user is also implicitly authenticated before the SecurityInfo string is returned.

    IDOL Server returns XML details of the user’s settings, including an encrypted security string that includes the details for all the repositories for which you have set up IDOL Server user security types.

  4. Configure the front-end application to specify the encrypted security string returned in Step 3 as the value of the SecurityInfo parameter when the front-end application sends queries to IDOL Server (for example, using the Agent, Profile, Suggest and Query actions).

    For example:

    http://localhost:9000/action=Query
                            &Text=accounts
                            &SecurityInfo=encrypted_string

    Query IDOL Server with Security Information includes an example of how to use the SecurityInfo parameter.

    Refer to the IDOL Server Reference for full details of the actions that you can send to IDOL Server.

Instead of sending actions to generate the security string in the steps outlined above, you can use the ACI API to create the encrypted strings. For more information, refer to the ACI API Programming Guide.

NOTE:

Actions issued through a browser must be percent-encoded so that characters other than unreserved alphanumeric characters are sent correctly. For example, the user name us\jsmith is a valid format for IAS, but an action issued through a browser to IDOL Server must percent-encode the backslash character: us%5cjsmith.
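
The logon and query steps above, together with the percent-encoding note, as an added Python example that is not part of the IDOL documentation. The helper names, the sample response XML with its element names, and the token value are assumptions constructed for illustration.

```python
from urllib.parse import quote
import xml.etree.ElementTree as ET

IDOL_BASE = "http://localhost:9000/"  # host and port from the page's examples


def build_action_url(action, params, base=IDOL_BASE):
    """Build an action URL, percent-encoding every parameter value."""
    # safe="" leaves only unreserved characters (letters, digits, - . _ ~)
    # unencoded, so "\" becomes %5C (same as %5c) and "+", "/", "=" in an
    # encrypted security string are escaped instead of being misread.
    parts = ["action=" + quote(action, safe="")]
    parts += [f"{name}={quote(str(value), safe='')}"
              for name, value in params.items()]
    return base + "&".join(parts)


def extract_security_info(response_xml):
    """Return the encrypted security string from a UserRead response."""
    root = ET.fromstring(response_xml)
    for element in root.iter():
        # Compare the local name only, so the namespace prefix does not matter.
        local_name = element.tag.rsplit("}", 1)[-1].lower()
        if local_name == "securityinfo" and element.text and element.text.strip():
            return element.text.strip()
    # Fail closed: never go on to query without a security string.
    raise ValueError("response contains no securityinfo value")


# Constructed sample response: element names and token value are assumptions.
SAMPLE_USERREAD_RESPONSE = """<autnresponse xmlns:autn="http://schemas.autonomy.com/aci/">
  <action>USERREAD</action>
  <response>SUCCESS</response>
  <responsedata>
    <autn:username>JSmith</autn:username>
    <autn:securityinfo>Ab+Cd/Ef==</autn:securityinfo>
  </responsedata>
</autnresponse>"""

if __name__ == "__main__":
    # Step 3: request the user's security string at logon.
    print(build_action_url("UserRead", {"UserName": "us\\jsmith",
                                        "Password": "secret123",
                                        "SecurityInfo": "true"}))
    # Step 4: send the returned string, percent-encoded, with each query.
    token = extract_security_info(SAMPLE_USERREAD_RESPONSE)
    print(build_action_url("Query", {"Text": "accounts", "SecurityInfo": token}))
```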

