Credentials Mapping for Adapters
Credentials mapping for adapters works using the following process:
• Windchill is pre-configured to include a credentials mapping task. This task is configured through the Windchill adapter using the wt.federation.task.mapCredentials property value, which is set to /wt/federation/MapCredentials.xml. The contents of this task are dynamically generated, starting with the following file:
<Windchill>/tasks/wt/federation/MapCredentials.xml.template
using the property values found in site.xconf.
Windchill’s LDAP access for user and group information relies on this credentials mapping task, and can provide credentials to adapters based on whether the current user is an administrator or a regular user. If you would like to modify mapped credentials, you can set properties in
site.xconf. For more information, read the contents of
MapCredentials.xml.template and see
Managing the Credentials Task.
|
If you need to customize this task you should do so by modifying the MapCredentials.xml.template file. You should also keep a backup copy, because patch or maintenance release installation may overwrite your customization.
|
• Your Info*Engine administrator sets the configuration property named .credentialsMapper (which defines the mapping task and enables credentials mapping), and optionally sets the .credentialsTimeToLive and .credentialsFiles properties (which indicate how long the information should remain cached and if there are additional files that have mapping information in them).
• When Info*Engine is called to parse and execute a JSP page or a task that accesses an adapter, it checks to see if a credentials mapping task has been defined. If it discovers that one has been defined, it executes the specified task before executing the JSP page or task originally passed to it. The output group produced by the credentials mapping task is saved as a context group named Auth-Map.
• When Info*Engine encounters a webject that must be routed to an adapter, it checks the webject to see if DBUSER and PASSWD parameters have been explicitly specified. If they have not been specified, it uses the value of the webject INSTANCE parameter as a key to find DBUSER and PASSWD values in the Auth-Map context group. If values are found, it adds them to the webject as if they had been specified explicitly by the author of the task. Otherwise, the webject is routed to the adapter unmodified.