Map-Credentials
DESCRIPTION
Reads a file or executes a task to establish a group as the credentials map for the task in which the webject executes (or does both). A credentials map is a Auth-Map context group that provides authentication information used by adapters in establishing connections to back-end information systems. Each element of a credentials map provides a username and associated credentials that are used in connecting to a specific back-end system.
The webject can be specified explicitly at any point in a task to create or change the credentials map that affects the remainder of the webjects in the task. If the .credentialsMapper configuration property is set, Map-Credentials is also called implicitly at the beginning of every task to create the initial credentials map for the task. If a default credentials mapping task has not been configured, Map-Credentials webject is not called implicitly.
For additional information about credentials mapping, see
Credentials Mapping.
SYNTAX
<ie:webject name="Map-Credentials" type="MGT">
<ie:param name="FILES" data="dir_path"/>
<ie:param name="TASK" data="uri"/>
<ie:param name="USERNAME" data="user_name"/>
</ie:webject>
PARAMETERS
Required
|
Select
|
Optional
|
|
FILES
|
USERNAME
|
|
TASK
|
|
FILES
Specifies the system filepath directory in which each file is assumed to contain credentials mapping information for a specific user. The USERNAME parameter is concatenated to the FILES parameter to produce the path name of one such file. The resulting file name is formatted as follows:
FILES_parameter_value/USERNAME_parameter_value
The file is then read and parsed to produce a credentials map. Each line of the file is assumed to be of the form:
instance:dbuser:passwd
where:
◦ instance specifies the name of an Info*Engine adapter or the instance names used with the WES or MSG webjects.
◦ dbuser specifies the username.
◦ passwd specifies the credentials that are provided to the adapter for creating connections to the associated back-end information system.
If both FILES and TASK are specified, file-based mapping is performed first, then the credentials mapping task is executed. This allows some base or default mapping information to be specified using files, then augmented or overridden by the task.
If the FILES parameter is omitted, file-based mapping is not performed. In this case, the credentials map is derived only from the output of the task specified by the TASK parameter. The FILES parameter must be specified if the TASK parameter is omitted.
TASK
Specifies the URI of an Info*Engine task that produces an Auth-Map group that is used as a credentials map. For example, the credential mapping task could do one of the following:
◦ Allow a user to explicitly authenticate to Info*Engine once, and then Info*Engine automatically authenticates the user to other enterprise information systems.
◦ Enable role-based access to network resources by identifying the role played by a particular user, and then creating the output group containing the authentication information shared by users who play the same role.
If both FILES and TASK are specified, file-based mapping is performed first, then the credentials mapping task is executed. This allows some base or default mapping information to be specified using files, then augmented or overridden by the task.
The last group produced by a webject in this task becomes the credentials map. If the TASK parameter is not specified, a credentials mapping task is not executed. In this case the credentials map is derived only from the FILES parameter. The TASK parameter must be specified if the FILES parameter is omitted.
USERNAME
Identifies the name of the user for which a credentials map is being created. If no username is supplied, it is assumed that the credentials mapping task takes appropriate action to reject anonymous access (for example, by throwing an exception), or provides a default credentials map for anonymous access.
The default for this parameter is for the webject to obtain a username from the attribute named auth-user of the SERVER context group. This parameter is optional.