Thursday, September 11, 2008

Ticket Based Authentication for Documentum: Helps to Implement Single Sign On

I feel ticket based authentication for Documentum can help in implementing a single sign-on process from another application B. An intermediate servlet between Documentum and that application can do the trick. The steps are as follows:
1. Create a super user account in Documentum (if not already present).
2. Create user accounts in Documentum with usernames identical to those present in application B. (You can use jobs for that.)
3. Keep the Documentum super user password encrypted in a properties file.
4. Fetch the username of the user logged into application B into the servlet, using application B's API.
5. Get the Documentum super user session in the servlet.
6. Use the Documentum super user session to get the Documentum login ticket of the user logged in to application B (the username fetched using app B's API).
The servlet will then launch the webtop using this login ticket.

The servlet code should be like this:
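    import java.io.IOException;
    import java.net.URLEncoder;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import com.documentum.com.DfClientX;
    import com.documentum.com.IDfClientX;
    import com.documentum.fc.client.IDfClient;
    import com.documentum.fc.client.IDfSession;
    import com.documentum.fc.client.IDfSessionManager;
    import com.documentum.fc.common.DfException;
    import com.documentum.fc.common.IDfLoginInfo;

    public class SSOServlet extends HttpServlet
    {
        // Super user name is hardcoded here (can be kept in a properties file).
        private String superUserName = "admin";
        // Super user password is hardcoded here (can be kept in a properties file).
        private String superUserPwd = "adminpwd";

        // Username should come from application B's API for the logged-in user,
        // never from a request parameter: this servlet issues a ticket for any name it is given.
        private String username = "test_user";

        private String docbaseName = "Test_DocBase";

        // Opens a super user session. The session is a local value, not a servlet
        // field, because one servlet instance serves concurrent requests.
        private IDfSession getDfSession() throws DfException
        {
            IDfClientX moClientX = new DfClientX();
            IDfClient client = moClientX.getLocalClient();
            // Create an IDfLoginInfo object named "loginInfoObj"
            IDfLoginInfo loginInfoObj = moClientX.getLoginInfo();
            loginInfoObj.setUser(superUserName);
            loginInfoObj.setPassword(superUserPwd);
            loginInfoObj.setDomain("");
            IDfSessionManager sessMgr = client.newSessionManager();
            sessMgr.setIdentity(docbaseName, loginInfoObj);
            return sessMgr.getSession(docbaseName);
        }

        public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
        {
            IDfSession session = null;
            try
            {
                session = getDfSession();
                String loginTicket = session.getLoginTicketForUser(username);
                // No spaces between parameters; values are URL-encoded.
                String url = "/webtop/component/main?ticket=" + URLEncoder.encode(loginTicket, "UTF-8")
                        + "&username=" + URLEncoder.encode(username, "UTF-8")
                        + "&docbase=" + URLEncoder.encode(docbaseName, "UTF-8");
                response.sendRedirect(url);
            }
            catch (DfException dfe)
            {
                // Log on the server side; do not send exception details to the browser.
                log("Could not obtain a login ticket", dfe);
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            finally
            {
                // Always return the super user session to its session manager.
                if (session != null)
                {
                    session.getSessionManager().release(session);
                }
            }
        }
    }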

This servlet should be invoked from application B. The servlet will launch the webtop.
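
The steps above keep the super user password encrypted in a properties file, while the servlet hardcodes it. The following is an added example, not code from the original post, showing one way to read such a value with the standard Java crypto API. The property names, the AES-GCM value format and the way the key is supplied are assumptions.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Assumed format: superuser.password.enc = base64(12-byte IV || AES-GCM ciphertext and tag).
// The key must live outside the properties file (for example in a keystore).
public class SuperUserConfig {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    // Run once, offline, to produce the value stored in the properties file.
    static String encrypt(byte[] key, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Called when the servlet starts; fails with AEADBadTagException if the
    // stored value was modified or the wrong key is used.
    static String decrypt(byte[] key, String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];          // constructed sample key for this demo only
        new SecureRandom().nextBytes(key);
        // Constructed sample properties content, using the post's placeholder credentials.
        String file = "superuser.name=admin\nsuperuser.password.enc=" + encrypt(key, "adminpwd") + "\n";
        Properties p = new Properties();
        p.load(new StringReader(file));
        String pwd = decrypt(key, p.getProperty("superuser.password.enc"));
        System.out.println(p.getProperty("superuser.name") + " password recovered: " + pwd.equals("adminpwd"));
    }
}
```

The decrypted password would be passed to `loginInfoObj.setPassword(...)` in place of the hardcoded string.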