Setting up an authentication alias
An authentication alias enables you to use an alternate user name (User Name Alias) or an authentication string (Authentication String Alias) when the operating system or an AR System External Authentication (AREA) plug-in is performing the authentication. The User Name Alias and the Authentication String Alias operate independently of one another, so you can use both or either one alone.
Configuring the User Name Alias
A User Name Alias is a secondary account name associated with a user and is used only for authentication purposes. The user's primary account name (the login name entered into the User Name field of the Login dialog box of AR System clients) is used for all other purposes. If a User Name Alias is defined, the AR System server uses it to authenticate the user and password.
The User Name Alias is applicable in the following situations:
- When you want the user's full name to be used as the AR System login instead of the user's computer account name. The system uses the alias when authenticating the user.
- When a user's name changes, the user can use the new name to log in to AR System but continue to use the same computer account name for authentication purposes.
- When a user's computer account or domain name is subject to changes. Leveraging an alias enables the user to continue using the same user name to log in throughout the changes
To configure the User Name Alias
- Add a character field to the User form in Developer Studio.
Name it Authentication Login Name, and set the field's properties as follows:
Field property
Field
Name
Authentication Login Name
Field ID
117
Data Type
Character
Database Length
30
You can set any permissions, including whether the values are optional or required. You can also create workflow to populate and validate the values in this field. Be cautious when setting permissions. Typically, only an administrator or workflow should set the values in this field.
The information in the Authentication Login Name field is accessed when the user logs in to a AR System client and the following conditions apply:
- Cross-Reference Blank Password is configured on the AR System server (see Cross-referencing-blank-passwords).
- The Password field on the User form is empty.
- One of the following external authentication methods is used:
- An AREA plug-in
- A Windows domain server (when the AR System server is running on a Windows platform)
- A UNIX password resolution (when the AR System server is running on a UNIX platform)
- The Authentication Login Name field on the User form interacts with the User Name field in the Login dialog box according to the following rules:
- If the Authentication Login Name field is present on the User form, the value in this field is used for authentication instead of the name entered in the User Name field in the Login dialog box.
For backwards compatibility, if the Authentication Login Name field is not present on the User form or the value in this field is NULL, the user is authenticated with the information entered in the User Name field in the Login dialog box.
On the LDAP server, the values in the Authentication Alias Name field and the User Login Name field must be the same.
To log in to AR System:
- You must use the value of the Login Name field on the User form.
- You must use the password that you have set for the Authentication Alias Name field on the LDAP server.
These rules apply to all AR System clients, including those accessing a AR System server by using C or Java APIs.
Configuring the Authentication String Alias
When an Authentication String Alias is defined, it overrides any entry in the Login dialog box of the AR System client. The Authentication String Alias can be used to identify the correct authentication domain for the user.
Use the Authentication String Alias in the following situations:
- When users belong to specific authentication domains and you do not want to require users to enter an authentication string when they log in.
- When a user's computer account or domain name is subject to changes. Leveraging an Authentication String Alias enables the user to continue using the same user name to log in throughout the changes.
To configure the Authentication String Alias
- Add a character field to the User form in Developer Studio.
Name it Authentication String. Set the field's properties as follows:
Field property
Field
Name
Authentication String
Field ID
118
Data Type
Character
Database Length
255
You can set any permissions, including whether the values are optional or required. You can also create workflow to populate and validate the values in these fields. Be cautious when setting permissions. Typically, the values in this field should be set only by an administrator or by workflow.
The information in the Authentication String field is accessed when the user logs in to an AR System client and the following conditions apply:
- Cross-Reference Blank Password is configured on the AR System server. (See Cross-referencing-blank-passwords for more information.)
- The Password field on the User form is empty.
- One of the following external authentication methods is used:
- An AREA plug-in
- A Windows Domain server (when the AR System server is running on a Windows platform)
- A UNIX password resolution (when the AR System server is running on a UNIX platform)
Login dialog box
The Authentication String Alias field on the User form interacts with the Authentication field in the Login dialog box according to the following rules:
- The value in the Authentication String field on the User form is used instead of the entry in the Authentication field in the Login dialog box.
- For backwards compatibility, if the Authentication String Alias field is not present on the User form or the value in this field is NULL, the information entered in the Login dialog box is used for authentication.
These rules apply to all AR System clients, including those accessing a AR System server by using C or Java APIs.