User directory LDAP and SSO 

Introduction

Principle

When connecting to the SAFE X3 application, the information about the SAFE X3 user needs to be read from an LDAP (Lightweight Directory Access Protocol) directory.

A user connected on his/her Windows workstation has already signed in (the user has entered his/her password). When connecting to SAFE X3, the user must not have to enter his/her login and password again.

Signing in once is called SSO (Single Sign-On).

Limitations

The suggested SSO will only work in CS (client/server) mode.

Calling the LDAP directory will work in CS and in Web mode.

Description

Setup values in folder

To implement the user directory, the following setup values must be entered in the folder.

SSO connection

The SSOCONNECT setup value is used to activate the X3 SSO/LDAP function.

The possible values are:

  • No: the SSO/LDAP connection is inactive,
  • Interactive: the SSO/LDAP connection is only active in interactive mode (CS and Web),
  • Interactive and Web service: the SSO/LDAP connection is active in interactive mode and also for the web services.

Directory code

The SSODIRECT setup value contains the directory code used when the SSOCONNECT setup value is active.

User update at connection

The SSOMAJ setup value (Yes/No) is used to determine whether the user record and the user setup values must be updated from the directory at each X3 user connection.

If its value is set to No, the ASSOMAJ batch task must be run to carry out the update.

SSO password control

The SSOPASSWD setup value (Yes/No) is used to determine whether the password control is mandatory in CS mode.

The connection in CS is possible if the login entered in the connection box is equal to the login with which the user signed in to the network.

If this setup value is set to No, the password control in CS is not carried out.

In Web mode, the control is always carried out.

Reference for user update

Distinguished Name

The information in an LDAP directory is organized as a tree.

Each node of the tree is an abstract or real object (an individual, a group of people, a printer, setup values, ...).

The DN (Distinguished Name) of an object uniquely identifies that object within the hierarchy.

This first identifier is stored in the user record, in the AUTILIS.ADDNAM field.

Connection principle

Let's consider that the SSO mode is active and that an X3 user connects for the first time to the SAFE X3 application.

Note: A second identifier is set up in the directory; generally speaking, it is the login.

When connecting, the X3 application checks that the login entered exists in the directory. If it does, the application retrieves the DN (Distinguished Name) and stores it in the ADDNAM field of the AUTILIS user table.

If the SSOMAJ setup value is set to Yes, all the 'mapped' fields are also updated in the user record and in the X3 setup values.

User directory function

Access to the LDAP server

The Directory function is used to define the configuration that allows the X3 application to read the information held in the LDAP directory.

Field mapping

A correspondence is defined between the fields of the user table, the fields of the user setup values table and the attributes of the LDAP directory.

Additional functions in batch

The ASSOMAJ batch task is used to update the user records against the LDAP directory.

The link is made by the DN (Distinguished Name) if it is already stored in the user table. Otherwise, the second identifier that was set up (generally the login) is used to find the DN.
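The connection principle, the SSOPASSWD password control and the ASSOMAJ reconciliation described above, worked through as an added example (not Sage code, and not a script shipped with SAFE X3). The example runs against a constructed in-memory stand-in for the LDAP directory: the DNs, the `sAMAccountName` attribute used as the "second identifier", the `USR_NAME`/`USR_MAIL` user-table fields and the `SETUP` values are assumptions made for the example; only `ADDNAM` and the setup value names (SSOCONNECT, SSODIRECT, SSOMAJ, SSOPASSWD) come from this page. It goes slightly beyond the text by also handling a stored DN that no longer exists in the directory, which ASSOMAJ must fall back from.

```python
"""SSO/LDAP connection and batch reconciliation logic, as an added example.

Not Sage's code. DNs, attribute names, SETUP values and the USR_* fields are
constructed for the example; ADDNAM and the setup value names are from the page.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed stand-in for the LDAP directory: DN -> attributes.
# 'sAMAccountName' plays the role of the page's "second identifier" (the login).
DIRECTORY = {
    "CN=Alice Martin,OU=Users,DC=example,DC=com": {
        "cn": "Alice Martin", "mail": "alice@example.com", "sAMAccountName": "amartin"},
    "CN=Bob Lee,OU=Users,DC=example,DC=com": {
        "cn": "Bob Lee", "mail": "bob@example.com", "sAMAccountName": "blee"},
}

# Folder setup values: names from the page, values chosen for the example.
SETUP = {"SSOCONNECT": "Interactive", "SSODIRECT": "LDAP01", "SSOMAJ": "Yes", "SSOPASSWD": "Yes"}

# Field mapping: X3 user field -> LDAP attribute (USR_* names are hypothetical).
MAPPING = {"USR_NAME": "cn", "USR_MAIL": "mail"}


@dataclass
class X3User:
    """Minimal stand-in for an AUTILIS record: the login plus ADDNAM and mapped fields."""
    login: str
    fields: dict = field(default_factory=dict)


def find_dn_by_login(directory: dict, login: str):
    """Second-identifier lookup: the DN whose login attribute matches, or None.
    A login matching several entries is treated as no match, never as a guess."""
    matches = [dn for dn, attrs in directory.items() if attrs.get("sAMAccountName") == login]
    return matches[0] if len(matches) == 1 else None


def apply_mapping(user: X3User, attrs: dict, mapping: dict) -> None:
    """Copy the 'mapped' directory attributes into the user record."""
    for x3_field, ldap_attr in mapping.items():
        if ldap_attr in attrs:
            user.fields[x3_field] = attrs[ldap_attr]


def connect(user: X3User, entered_login: str, network_login: str, mode: str,
            setup: dict, directory: dict, mapping: dict):
    """Interactive connection attempt; returns (accepted, reason)."""
    if setup["SSOCONNECT"] == "No":
        return False, "SSO/LDAP connection inactive"
    # Password control: always in Web mode, in CS mode only when SSOPASSWD is Yes.
    if (mode == "Web" or setup["SSOPASSWD"] == "Yes") and entered_login != network_login:
        return False, "login does not match the network sign-in"
    # First connection: no DN stored yet, so the login must exist in the directory.
    dn = user.fields.get("ADDNAM") or find_dn_by_login(directory, entered_login)
    if dn is None or dn not in directory:
        return False, "login not found in directory"
    user.fields["ADDNAM"] = dn                       # DN stored in AUTILIS.ADDNAM
    if setup["SSOMAJ"] == "Yes":                     # update mapped fields at each connection
        apply_mapping(user, directory[dn], mapping)
    return True, "connected"


def assomaj(users: list, directory: dict, mapping: dict):
    """ASSOMAJ-style batch: link by stored DN, else by login; returns (updated, unresolved)."""
    updated, unresolved = 0, []
    for user in users:
        dn = user.fields.get("ADDNAM")
        if dn not in directory:                      # absent or stale DN: fall back to the login
            dn = find_dn_by_login(directory, user.login)
        if dn is None:
            unresolved.append(user.login)            # report rather than silently skip
            continue
        user.fields["ADDNAM"] = dn
        apply_mapping(user, directory[dn], mapping)
        updated += 1
    return updated, unresolved


if __name__ == "__main__":
    alice = X3User("amartin")
    print(connect(alice, "amartin", "amartin", "CS", SETUP, DIRECTORY, MAPPING), alice.fields)
    print(assomaj([X3User("blee"), X3User("ghost")], DIRECTORY, MAPPING))
```

Two points worth checking in a real deployment follow from the code: a login that matches more than one directory entry is refused rather than resolved to the first hit, and a stored DN that has disappeared (the entry was moved or deleted) is re-resolved by login during the batch instead of leaving the record linked to a nonexistent object.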