The template file is an xml file named dssso.xml in drive:\ibi\DevStudio77\bin.
All of the custom logon templates are placed in this file:
The following describes all of the tags needed for a template file. All of the mandatory tags are required even if they have no attribute value specified (in which case the attribute assumes a default value). For the sake of clarity, you should specify all attributes, even those in which you do not change the default value.
These tags are mandatory.
<?xml version="1.0" ?> <authentications>
This tag is mandatory.
<authentication name="form1" [desc="Description of Form 1"]>
where:
Is a name for the template.
Is the name that displays on the Web component authentication list. If this attribute is omitted, the value for the name attribute displays.
These tags are mandatory.
<sso_logon_resource desc="Logon Resource" [read_only="{true|false}"] [visible="{true|false}"]> <protocol [default="{protocol|https|%%environment%%}"] /> <host [default="{hostname|%%environment%%}"] /> <port [default="{port_number|%%environment%%}"] /> <path default="resource_uri" /> </sso_logon_resource>
where:
Is the URL of the program that will log users onto the SSO product. For example, this program may be a jsp, servlet, active server page, or CGI.
Is the description that displays on the Web component authentication list.
Is the protocol to use to get to the logon resource, either http or https.
Is the host name of the logon resource.
Is the port number of the logon resource. When the default attribute is not specified, no explicit port value will be used in the connection. The effective port in this case depends on the protocol value. If the protocol is http then the port will be 80. If the protocol is https then the port is 443. A forward slash is pre-pended to the value of the default keyword if the value does not begin with one.
Is a template variable that is replaced at run time by the corresponding value found in the Web Component environment dialog box. For example, wftest.ibi.com is the default for host in the following environment:
Is the part of the URL that follows the port and specifies the path to the logon resource.
True specifies that the value can be changed in the Developer Studio Environments window, false that it cannot. The default value is true.
True specifies that the value can be viewed in the Developer Studio Environments window, false that it cannot. The default value is true.
These tags are mandatory.
The logon result will be a cookie if the logon was successful. If the logon was not successful, no cookie should be returned by the security system, which indicates to Developer Studio that the login failed. In this case, Developer Studio opens a logon dialog that allows the user to re-enter the ID and password.
If a cookie is returned, Developer Studio assumes that the logon was successful and forwards the cookie to WebFOCUS on every request. To describe the cookie required for authentication, add the following tags to the template:
<logon_result name="cookie_name" [type="cookie"] [visible="false"] />
where:
Is the name of the cookie returned by the logon resource. This name is case sensitive.
Indicates what Developer Studio should expect as the result of a successful logon. If omitted, it defaults to cookie.
True specifies that the value can be viewed in the Developer Studio Environments window, false that it cannot. The default value is false.
These tags are mandatory.
<user name="user" [desc="User Id"] [default="%%environment%%"] [read_only="true"] [visible="true|false"] /> <password name="password" [desc="Password"] [default="%%environment%%"] [read_only="true"] [visible="{true|false}"] />
where:
Is the authenticated user ID. Note that this value is established as read only and, by default, is taken from the Web Component environment dialog box.
Is the name that displays on the Web component authentication list. If this attribute is omitted, the value for the user name attribute displays.
Is the authenticated password. Note that this value is established as read only and, by default, is taken from the Web Component environment dialog box. The value does not display even if the visible property is specified.
Is the name that displays on the Web component authentication list. If this attribute is omitted, the value for the password name attribute displays.
Is a template variable that is replaced at run time by the corresponding value found in the Web Component environment dialog box.
True specifies that the value can be viewed in the Developer Studio Environments window, false that it cannot. The default value is true.
True specifies that the value can be changed in the Developer Studio Environments window, false that it cannot. The default value is true.
The need for additional variables is determined by what you need to process a logon (in addition to a user ID and password).
<variable name="var1" [desc="Label 1"] [default="initial_value"] [read_only="{true|false}"] [visible="{true|false}"] [optional="{true|false}"] > [<protocol [default="{protocol|http|%%environment%%}"] [visible="false"] /> ] [ <host [default="{hostname|%%environment%%}"] [visible="false"] /> ] [ <port [default="{port_number|80|%%environment%%}"] [visible="false"] /> ] [ <path default="resource_uri" [visible="false"] /> ] </variable>
where:
Is a name for the additional variable required by the security system.
Is the name that displays on the Web component authentication list. If this attribute is omitted, the value for the variable name attribute displays.
Is a default value for the variable.
Is used to specify the protocol if the SSO product needs environment information for the additional variable. For more context, see the description of the sso_logon_resource tag.
Is used to specify the host name if the SSO product needs environment information for the additional variable. For more context, see the description of the sso_logon_resource tag.
Is used to specify the port number if the SSO product needs environment information for the additional variable. For more context, see the description of the sso_logon_resource tag.
Is a template variable that is replaced at run time by the corresponding value found in the Web Component environment dialog box.
Is used to specify the resource URL if the SSO product needs environment information for the additional variable. For more context, see the description of the sso_logon_resource tag.
True specifies that the value can be changed in the Developer Studio Environments window, false that it cannot. The default value is false.
True specifies that the value can be viewed in the Developer Studio Environments window, false that it cannot. The default value is true for the variable name tag and false for the protocol, host, port, and path tags.
True specifies that the attribute is optional, false that it is not. The default value is false.
By default, Developer Studio deletes cookie information when it is shut down. To preserve user-specified cookies, the cookie names must be specified using a cookie exception list in the template file. This list can be added to an existing template or a new template can be created to store just the cookie list. There is no limit on the number of cookies that can be specified.
<cookie_exclude_list> <variable name="var1" default="cookie_name" visible="true"/> </cookie_exclude_list>
Is a parameter name for the cookie.
Is the name of the cookie. If this value is blank or contains a sample name for display purposes, the developer must specify the required cookie name in the Authentication Settings dialog box.
True specifies that the value can be viewed in the Developer Studio Environments window, false that it cannot. The default value is true.
This tag is mandatory.
</authentications>
Developer Studio comes with several sample templates in its template file. The following example shows the SiteMinder sample logon template. Note that:
<authentication name="ibi_sm" desc="SiteMinder"> <sso_logon_resource desc="Logon Resource" read_only="false" visible="false"> <protocol default="%%environment%%" /> <host default="%%environment%%" /> <port default="%%environment%%" /> <path desc="" default="/siteminderagent/forms/login.fcc" /> </sso_logon_resource> <user name="user" desc="User Id" default="%%environment%%" read_only="true" visible="true" /> <password name="password" desc="Password" default="%%environment%%" read_only="true" visible="true" /> <logon_result name="SMSESSION" type="cookie" /> <variable name="SMAUTHREASON" default="0" read_only="true" visible="true" /> <variable name="TARGET" read_only="false" visible="true"> <protocol default="%%environment%%" /> <host default="%%environment%%" /> <port default="%%environment%%" /> <path default="/ibi_html/index.html" /> </variable> </authentication>
The following example illustrates a SiteMinder template with a cookie exception list.
<authentication name="ibi_sm" desc="SiteMinder"> <sso_logon_resource desc="Logon Resource" read_only="false" visible="false"> <protocol default="%%environment%%"/> <host default="%%environment%%"/> <port default="%%environment%%"/> <path desc=""default="/siteminderagent/forms/login.fcc"/> </sso_logon_resource> <user name="user" desc="User Id" default="%%environment%%" read_only="true" visible="true"/> <password name="password" desc="Password"default="%%environment%%" read_only="true" visible="true"/> <logon_result name="SMSESSION" type="cookie"/> <variable name="SMAUTHREASON" default="0"read_only="true" visible="true"/> <variable name="TARGET" read_only="false"visible="true"> <protocol default="%%environment%%"/> <host default="%%environment%%"/> <port default="%%environment%%"/> <path default="/ibi_html/index.html"/> </variable> <cookie_exclude_list> <variable name="ExcludeCookie1" visible="true">CookieName1</variable> <variable name="ExcludeCookie2" visible="true">CookieName2</variable> <variable name="ExcludeCookie3" visible="true">CookieName3</variable> </cookie_exclude_list> </authentication>
The following displays in the Authentication Settings dialog box when SiteMinder is selected as the Web Authentication component in the WebFOCUS Environment Properties dialog box:
The following example illustrates a template called Cookie_save_list and disables the signon request by setting the sso_logon_resource parameter to NONE.
<authentication name="ibi_Preserve_Cookies_Template" desc="Cookie_save_list"> <sso_logon_resource desc="Logon Resource" read_only="false" visible="false">NONE </sso_logon_resource> <user name="user" desc="User's Name" default="%%environment%%" read_only="true" visible="true"/> <password name="password" desc="User's Password" default="%%environment%%" read_only="true" visible="true" />
<cookie_exclude_list> <variable name="ExcludeCookie1" default="CookieName1" visible="true"/> <variable name="ExcludeCookie2" default="CookieName2" visible="true"/> <variable name="ExcludeCookie3" default="CookieName3" visible="true"/> <variable name="ExcludeCookie4" default="CookieName4" visible="true"/> </cookie_exclude_list> </authentication>
The following displays in the Authentication Settings dialog box:
WebFOCUS |